156 matches found
USN-4-1: Standard C library script vulnerabilities
Recently, Trustix Secure Linux discovered some vulnerabilities in the libc6 package. The utilities "catchsegv" and "glibcbug" created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program...
USN-5-1: gettext vulnerabilities
Recently, Trustix Secure Linux discovered some vulnerabilities in the gettext package. The programs "autopoint" and "gettextize" created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program...
USN-3-1: GhostScript utility script vulnerabilities
Recently, Trustix Secure Linux discovered some vulnerabilities in the gs-common package. The utilities "pv.sh" and "ps2epsi" created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program...
CVE-2004-0972
CVE-2004-0972 concerns the lvmcreate_initrd helper in the Trustix/ lvm package (lvm1) where a temporary-directory creation flaw enables a local attacker to perform a symlink-based overwrite of arbitrary files. The described root cause is insecure handling of temporary files by the script, allowin...
CVE-2004-0974
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0974
CVE-2004-0974 concerns the Netatalk package where a local user can overwrite files via a symlink attack on temporary files. The initial description specifies Trustix Secure Linux 1.5–2.1 and possibly other OSes as affected, with the root cause being insecure temporary-file handling in etc2ps.sh. ...
CVE-2004-0974
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0971
The krb5-send-pr script in the kerberos5 krb5 package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0966
The 1 autopoint and 2 gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0976
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0975
The derchop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0967
Ghostscript (espgs) in Trustix Secure Linux 1.5–2.1 and other OSes is affected by CVE-2004-0967 due to insecure temporary file handling in the scripts pj-gs.sh, ps2epsi, pv.sh, and sysvlp.sh. The vulnerability allows local attackers to overwrite files via a symlink attack on temporary files creat...
CVE-2004-0969
Technical details for CVE-2004-0969 are not publicly provided in the supplied connected documents. The materials reference the vulnerability generally (symlink attack in groff), but do not contain product/version/impact/fix specifics. Monitor for updates.
CVE-2004-0969
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0967
The 1 pj-gs.sh, 2 ps2epsi, 3 pv.sh, and 4 sysvlp.sh scripts in the ESP Ghostscript espgs package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0971
The CVE-2004-0971 issue affects the krb5-send-pr script in the krb5 package, allowing local users to overwrite files via a symlink attack on temporary files. Description in the sources notes this vulnerability for Trustix Secure Linux 1.5–2.1 and potentially other OSes. The vulnerability originat...
CVE-2004-0966
The 1 autopoint and 2 gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0969
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0966
CVE-2004-0966 : The GNU gettext package (versions 1.14 and later) contains insecure handling in the autopoint and gettextize scripts that can create or overwrite files via a symlink attack on temporary files. This affects Trustix Secure Linux 1.5–2.1 and other OSs that ship gettext. The vulnerabi...
CVE-2004-0976
CVE-2004-0976 affects the perl package, notably in Trustix Secure Linux 1.5–2.1 and similar OSes, due to a symlink attack that lets local users overwrite files via temporary files. Root cause is insecure temporary file handling in Perl modules; impact is local with partial integrity impact and no...