VYPR
Unrated severity · NVD Advisory · Published Jul 11, 2005 · Updated Apr 16, 2026

CVE-2005-2180

Description

A local attacker can abuse gen-index, part of GNATS, to overwrite arbitrary files by supplying any path via the -o option when the binary is setuid.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The gen-index utility in GNATS versions 4.0, 4.1.0, and possibly earlier, contains a file handling flaw in its main() function. When gen-index is installed setuid (especially root, as noted when compiled from source without a dedicated gnats user), the -o option accepts an arbitrary file path provided by the user. The program then opens that file with write access (fopen(file_name, "w+")) without any validation of the path or checking whether the user has legitimate write permissions on that file. This allows a local user to overwrite any file on the system that the effective user (e.g., root) can write to. [1]

Exploitation

An attacker must have local shell access on the system where GNATS is installed and gen-index is present as a setuid binary (typically setuid root). No authentication beyond local user credentials is required. The attacker simply runs gen-index -o /path/to/target_file and provides the desired content (e.g., via stdin or file). The program will truncate and overwrite the specified file. The attack is straightforward and does not require a race condition or any user interaction beyond executing the command. [1]

Impact

Successful exploitation allows a local attacker to overwrite arbitrary files on the system with the privileges of the setuid owner (usually root). This can lead to a complete system compromise, for example by overwriting critical system files such as /etc/passwd or /etc/shadow to gain root access, or by overwriting executable binaries to insert backdoors. The confidentiality, integrity, and availability of the system are all at risk. [1]

Mitigation

No official patch or fixed version is mentioned in the available references. The recommended mitigation is to remove the setuid bit from the gen-index binary if it is not needed, or to ensure that GNATS is installed using a dedicated non-root user (the gnats user) so that the binary does not run as root. Additionally, system administrators should review the use of setuid binaries and apply the principle of least privilege. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. [1]

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • GNU/Gnats (2 versions)
    • cpe:2.3:a:gnu:gnats:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnats:4.1.0:*:*:*:*:*:*:*
  • GNATS/gen-index (llm-create)
    Range: <=4.1.0

Patches

0

No patches discovered yet.

References

3
