Lucene search

[email protected]CVE-2004-0969

HistoryFeb 09, 2005 - 5:00 a.m.

CVE-2004-0969

2005-02-0905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

groff

symlink attack

nvd

trustix secure linux

5.9 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CPENameOperatorVersion
gnu:groffgnu groffeq1.19
ubuntu:ubuntu_linuxubuntu ubuntu linuxeq4.1
gentoo:linuxgentoo linuxeq*

CPE	Name	Operator	Version
gnu:groff	gnu groff	eq	1.19
ubuntu:ubuntu_linux	ubuntu ubuntu linux	eq	4.1
gentoo:linux	gentoo linux	eq	*

References

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313

secunia.com/advisories/18764

www.gentoo.org/security/en/glsa/glsa-200411-15.xml

www.securityfocus.com/bid/11287

www.trustix.org/errata/2004/0050

wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038

exchange.xforce.ibmcloud.com/vulnerabilities/17583

5.9 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2004-0969

nessus6 openvas6 debiancve2 freebsd1 ubuntu1 ubuntucve2 prion1 cve1 gentoo1 slackware1