Lucene search

[email protected]CVE-2004-0267

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0267

2004-11-2305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

etrust inoculateit

linux

symlink attack

security vulnerability

7.2 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.

CPENameOperatorVersion
broadcom:inoculateitbroadcom inoculateiteq6.0

CPE	Name	Operator	Version
broadcom:inoculateit	broadcom inoculateit	eq	6.0

References

marc.info/?l=bugtraq&m=107635584431518&w=2

secunia.com/advisories/10833

www.excluded.org/advisories/advisory10.txt

www.osvdb.org/4735

www.osvdb.org/4855

www.osvdb.org/4856

www.securityfocus.com/bid/9616

exchange.xforce.ibmcloud.com/vulnerabilities/15102

Social References

7.2 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON