CVE-2004-1894

2004-12-31T05:00:00

Description

TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log.

{"id": "CVE-2004-1894", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2004-1894", "description": "TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log.", "published": "2004-12-31T05:00:00", "modified": "2017-07-11T01:31:00", "epss": [{"cve": "CVE-2004-1894", "epss": 0.00042, "percentile": 0.05693, "modified": "2023-10-01"}], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1894", "reporter": "cve@mitre.org", "references": ["http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019777.html", "http://securitytracker.com/id?1009661", "http://www.securityfocus.com/bid/10042", "http://marc.info/?l=bugtraq&m=108118755923319&w=2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15728"], "cvelist": ["CVE-2004-1894"], "immutableFields": [], "lastseen": "2023-10-02T13:07:29", "viewCount": 19, "enchantments": {"dependencies": {"references": [], "rev": 4}, "score": {"value": 6.8, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "epss": [{"cve": "CVE-2004-1894", "epss": 0.00042, "percentile": 0.0567, "modified": "2023-05-08"}], "vulnersScore": 6.8}, "_state": {"dependencies": 1696252787, "score": 1696252751, "epss": 0}, "_internal": {"score_hash": "799039417dae1a73dd576241889aebfe"}, "cna_cvss": {"cna": "mitre", "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [], "affectedConfiguration": [{"name": "pragma ade context", "cpeName": "pragma_ade:context", "version": "*", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:a:pragma_ade:context:*:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019777.html", "name": "20040404 Texutil symlink vulnerability.", "refsource": "FULLDISC", "tags": ["Exploit", "Patch"]}, {"url": "http://securitytracker.com/id?1009661", "name": "1009661", "refsource": "SECTRACK", "tags": []}, {"url": "http://www.securityfocus.com/bid/10042", "name": "10042", "refsource": "BID", "tags": ["Patch"]}, {"url": "http://marc.info/?l=bugtraq&m=108118755923319&w=2", "name": "20040404 Texutil symlink vulnerability.", "refsource": "BUGTRAQ", "tags": []}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15728", "name": "texutil-symlink-attack(15728)", "refsource": "XF", "tags": []}], "product_info": [], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "2005-05-04T00:00:00"}