CVE-2005-3146

StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.

Published: 2005-10-05 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2005-3146 is rated Low Risk (15.7/100): CVSS Low severity, with low exploitation likelihood (EPSS 0.08%). Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2005-3146

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-17 0.04% 0.08% +0.04%
2 2023-03-07 1.03% 0.04% -0.99%
3 2022-02-04 1.03%

Full EPSS history (3 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2005-3146

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
2.1 2.0 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 3.9 2.9 [email protected]

Weakness enumeration for CVE-2005-3146

OS Trackers for CVE-2005-3146

vendor priority summary link
debian medium CVE-2005-3146 medium priority: Debian including 1 source packages (storebackup), 4 status rows across 4 suites (bookworm, bullseye, sid, trixie): resolved 4. https://security-tracker.debian.org/tracker/CVE-2005-3146
suse medium https://www.suse.com/security/cve/CVE-2005-3146/
ubuntu medium CVE-2005-3146 medium priority: Ubuntu including 1 source packages (storebackup), 4 status rows across 4 suites (dapper, edgy, feisty, upstream): not-affected 3, needs-triage 1. https://ubuntu.com/security/CVE-2005-3146

Affected software / configurations for CVE-2005-3146

Vendor Product Version Raw CPE
storebackup storebackup 1.1 cpe:2.3:a:storebackup:storebackup:1.1:*:*:*:*:*:*:*
storebackup storebackup 1.2 cpe:2.3:a:storebackup:storebackup:1.2:*:*:*:*:*:*:*
storebackup storebackup 1.3 cpe:2.3:a:storebackup:storebackup:1.3:*:*:*:*:*:*:*
storebackup storebackup 1.4 cpe:2.3:a:storebackup:storebackup:1.4:*:*:*:*:*:*:*
storebackup storebackup 1.5 cpe:2.3:a:storebackup:storebackup:1.5:*:*:*:*:*:*:*
storebackup storebackup 1.6 cpe:2.3:a:storebackup:storebackup:1.6:*:*:*:*:*:*:*
storebackup storebackup 1.7 cpe:2.3:a:storebackup:storebackup:1.7:*:*:*:*:*:*:*
storebackup storebackup 1.8 cpe:2.3:a:storebackup:storebackup:1.8:*:*:*:*:*:*:*
storebackup storebackup 1.8.1 cpe:2.3:a:storebackup:storebackup:1.8.1:*:*:*:*:*:*:*
storebackup storebackup 1.9 cpe:2.3:a:storebackup:storebackup:1.9:*:*:*:*:*:*:*
storebackup storebackup 1.9.1 cpe:2.3:a:storebackup:storebackup:1.9.1:*:*:*:*:*:*:*
storebackup storebackup 1.10 cpe:2.3:a:storebackup:storebackup:1.10:*:*:*:*:*:*:*
storebackup storebackup 1.10.1 cpe:2.3:a:storebackup:storebackup:1.10.1:*:*:*:*:*:*:*
storebackup storebackup 1.11 cpe:2.3:a:storebackup:storebackup:1.11:*:*:*:*:*:*:*
storebackup storebackup 1.12 cpe:2.3:a:storebackup:storebackup:1.12:*:*:*:*:*:*:*
storebackup storebackup 1.12.1 cpe:2.3:a:storebackup:storebackup:1.12.1:*:*:*:*:*:*:*
storebackup storebackup 1.12.2 cpe:2.3:a:storebackup:storebackup:1.12.2:*:*:*:*:*:*:*
storebackup storebackup 1.13 cpe:2.3:a:storebackup:storebackup:1.13:*:*:*:*:*:*:*
storebackup storebackup 1.14 cpe:2.3:a:storebackup:storebackup:1.14:*:*:*:*:*:*:*
storebackup storebackup 1.15 cpe:2.3:a:storebackup:storebackup:1.15:*:*:*:*:*:*:*
storebackup storebackup 1.16 cpe:2.3:a:storebackup:storebackup:1.16:*:*:*:*:*:*:*
storebackup storebackup 1.16.1 cpe:2.3:a:storebackup:storebackup:1.16.1:*:*:*:*:*:*:*
storebackup storebackup 1.16.2 cpe:2.3:a:storebackup:storebackup:1.16.2:*:*:*:*:*:*:*
storebackup storebackup 1.17 cpe:2.3:a:storebackup:storebackup:1.17:*:*:*:*:*:*:*
storebackup storebackup 1.18 cpe:2.3:a:storebackup:storebackup:1.18:*:*:*:*:*:*:*
storebackup storebackup 1.18.1 cpe:2.3:a:storebackup:storebackup:1.18.1:*:*:*:*:*:*:*
storebackup storebackup 1.18.2 cpe:2.3:a:storebackup:storebackup:1.18.2:*:*:*:*:*:*:*
storebackup storebackup 1.18.3 cpe:2.3:a:storebackup:storebackup:1.18.3:*:*:*:*:*:*:*
storebackup storebackup 1.18.4 cpe:2.3:a:storebackup:storebackup:1.18.4:*:*:*:*:*:*:*
suse suse_linux cpe:2.3:o:suse:suse_linux:*:*:*:*:*:*:*:*

References for CVE-2005-3146

cvelogic Threat Intelligence