ID CVE-2004-0966
Summary The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:gettext:0.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gettext:0.14.1:*:*:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
CVSS
Base: 2.1 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 11282
confirm http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323
fedora FLSA:136323
gentoo GLSA-200410-10
mandriva MDKSA-2006:051
openpkg OpenPKG-SA-2004.055
trustix 2004-0050
ubuntu USN-5-1
xf script-temporary-file-overwrite(17583)
Last major update 11-07-2017 - 01:30
Published 09-02-2005 - 05:00
Back to Top