Lucene search

[email protected]CVE-2004-1894

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-1894

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

texutil

context

symlink attack

local users

file overwrite

7.1 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log.

References

lists.grok.org.uk/pipermail/full-disclosure/2004-April/019777.html

marc.info/?l=bugtraq&m=108118755923319&w=2

securitytracker.com/id?1009661

www.securityfocus.com/bid/10042

exchange.xforce.ibmcloud.com/vulnerabilities/15728

7.1 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON