ID CVE-2004-0969
Summary The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
CVSS
Base: 2.1 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 11287
confirm http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313
gentoo GLSA-200411-15
mandriva MDKSA-2006:038
secunia 18764
trustix 2004-0050
xf script-temporary-file-overwrite(17583)
Last major update 11-07-2017 - 01:30
Published 09-02-2005 - 05:00
Back to Top