Lucene search

[email protected]CVE-2004-0770

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-0770

2005-01-1005:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0770

dgen emulator

local file overwrite

symlink attack

romload.c

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.

Affected configurations

NVD

Node

dgenemulatorMatch1.15

dgenemulatorMatch1.16

dgenemulatorMatch1.17

dgenemulatorMatch1.18

dgenemulatorMatch1.20

dgenemulatorMatch1.20_a

dgenemulatorMatch1.21

dgenemulatorMatch1.22

dgenemulatorMatch1.23

Node

debiandebian_linuxMatch3.0

debiandebian_linuxMatch3.0alpha

debiandebian_linuxMatch3.0arm

debiandebian_linuxMatch3.0hppa

debiandebian_linuxMatch3.0ia-32

debiandebian_linuxMatch3.0ia-64

debiandebian_linuxMatch3.0m68k

debiandebian_linuxMatch3.0mips

debiandebian_linuxMatch3.0mipsel

debiandebian_linuxMatch3.0ppc

debiandebian_linuxMatch3.0s-390

debiandebian_linuxMatch3.0sparc

CPENameOperatorVersion
dgen:emulatordgen emulatoreq1.15
dgen:emulatordgen emulatoreq1.16
dgen:emulatordgen emulatoreq1.17
dgen:emulatordgen emulatoreq1.18
dgen:emulatordgen emulatoreq1.20
dgen:emulatordgen emulatoreq1.20_a
dgen:emulatordgen emulatoreq1.21
dgen:emulatordgen emulatoreq1.22
dgen:emulatordgen emulatoreq1.23

CPE	Name	Operator	Version
dgen:emulator	dgen emulator	eq	1.15
dgen:emulator	dgen emulator	eq	1.16
dgen:emulator	dgen emulator	eq	1.17
dgen:emulator	dgen emulator	eq	1.18
dgen:emulator	dgen emulator	eq	1.20
dgen:emulator	dgen emulator	eq	1.20_a
dgen:emulator	dgen emulator	eq	1.21
dgen:emulator	dgen emulator	eq	1.22
dgen:emulator	dgen emulator	eq	1.23

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=263282&archive=yes

secunia.com/advisories/12214

www.securityfocus.com/bid/10855

exchange.xforce.ibmcloud.com/vulnerabilities/16884

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-0770

cvelist1 nvd1 debiancve1