Lucene search

[email protected]CVE-2004-0966

HistoryFeb 09, 2005 - 5:00 a.m.

CVE-2004-0966

2005-02-0905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0966

gnu

gettext package

trustix secure linux

symlink attack

file overwrite

nvd

5.9 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CPENameOperatorVersion
gnu:gettextgnu gettexteq0.14.1
ubuntu:ubuntu_linuxubuntu ubuntu linuxeq4.1

CPE	Name	Operator	Version
gnu:gettext	gnu gettext	eq	0.14.1
ubuntu:ubuntu_linux	ubuntu ubuntu linux	eq	4.1

References

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323

marc.info/?l=bugtraq&m=110382652226638&w=2

www.gentoo.org/security/en/glsa/glsa-200410-10.xml

www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00000.html

www.securityfocus.com/bid/11282

www.trustix.org/errata/2004/0050

wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:051

exchange.xforce.ibmcloud.com/vulnerabilities/17583

www.ubuntu.com/usn/usn-5-1/

5.9 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2004-0966

openvas3 ubuntucve1 securityvulns1 cvelist1 nessus2 ubuntu1 debiancve1 gentoo1