Lucene search

[email protected]CVE-2003-0036

HistoryFeb 07, 2003 - 5:00 a.m.

CVE-2003-0036

2003-02-0705:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

security vulnerability

symlink attack

mandrake linux

printer-drivers package

nvd

6.5 Medium

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form “mlg85p%d”.

CPENameOperatorVersion
rildo_pragana:ml85prildo pragana ml85peq*

CPE	Name	Operator	Version
rildo_pragana:ml85p	rildo pragana ml85p	eq	*

References

archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html

www.idefense.com/advisory/01.21.03.txt

www.mandriva.com/security/advisories?name=MDKSA-2003:010

www.securityfocus.com/archive/1/307608/30/26270/threaded

www.securitytracker.com/id?1005959

6.5 Medium

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2003-0036

nessus1