Lucene search
HistoryOct 20, 2004 - 4:00 a.m.
CVE-2004-0559
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
6
Confidence
Low
EPSS
0
Percentile
5.1%
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
Affected configurations
Node
userminuserminMatch1.000
ORuserminuserminMatch1.010
ORuserminuserminMatch1.020
ORuserminuserminMatch1.030
ORuserminuserminMatch1.040
ORuserminuserminMatch1.051
ORuserminuserminMatch1.060
ORuserminuserminMatch1.070
ORuserminuserminMatch1.080
ORwebminwebminMatch1.0.00
ORwebminwebminMatch1.0.20
ORwebminwebminMatch1.0.50
ORwebminwebminMatch1.0.60
ORwebminwebminMatch1.0.70
ORwebminwebminMatch1.0.80
ORwebminwebminMatch1.0.90
ORwebminwebminMatch1.1.00
ORwebminwebminMatch1.1.10
ORwebminwebminMatch1.1.21
ORwebminwebminMatch1.1.30
ORwebminwebminMatch1.1.40
ORwebminwebminMatch1.1.50
Node
mandrakesoftmandrake_linuxMatch9.2
ORmandrakesoftmandrake_linuxMatch9.2amd64
ORmandrakesoftmandrake_linuxMatch10.0
ORmandrakesoftmandrake_linuxMatch10.0amd64
ORmandrakesoftmandrake_linux_corporate_serverMatch2.1
ORmandrakesoftmandrake_linux_corporate_serverMatch2.1x86_64
| Vendor | Product | Version | CPE |
|---|---|---|---|
| usermin | usermin | 1.000 | cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:* |
| usermin | usermin | 1.010 | cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:* |
| usermin | usermin | 1.020 | cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:* |
| usermin | usermin | 1.030 | cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:* |
| usermin | usermin | 1.040 | cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:* |
| usermin | usermin | 1.051 | cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:* |
| usermin | usermin | 1.060 | cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:* |
| usermin | usermin | 1.070 | cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:* |
| usermin | usermin | 1.080 | cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:* |
| webmin | webmin | 1.0.00 | cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2004-0559
2004-09-24 04:00:00
openvas
openvas
FreeBSD Ports: webmin
2008-09-04 00:00:00
Debian: Security Advisory (DSA-544-1)
2008-01-17 00:00:00
FreeBSD Ports: webmin
2008-09-04 00:00:00
freebsd
freebsd
webmin -- insecure temporary file creation at installation time
2004-09-05 00:00:00
cve
cve
CVE-2004-0559
2004-10-20 04:00:00
ubuntucve
ubuntucve
CVE-2004-0559
2004-10-20 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : webmin (MDKSA-2004:101)
2004-09-23 00:00:00
debian
debian
[SECURITY] [DSA 544-1] New webmin packages fix insecure temporary directory
2004-09-14 14:58:12
[SECURITY] [DSA 544-1] New webmin packages fix insecure temporary directory
2004-09-14 14:58:12
osv
osv
webmin - insecure temporary directory
2004-09-14 00:00:00
gentoo
gentoo
Webmin, Usermin: Multiple vulnerabilities in Usermin
2004-09-12 00:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
6
Confidence
Low
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2004-0559