ID CVE-2004-0977
Summary The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
References
Vulnerable Configurations
  • cpe:2.3:a:postgresql:postgresql:7.2.1
    cpe:2.3:a:postgresql:postgresql:7.2.1
  • PostgreSQL PostgreSQL 7.4.3
    cpe:2.3:a:postgresql:postgresql:7.4.3
  • PostgreSQL PostgreSQL 7.4.5
    cpe:2.3:a:postgresql:postgresql:7.4.5
  • MandrakeSoft Mandrake Linux 9.2
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:-:amd64
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:-:amd64
  • MandrakeSoft Mandrake Linux 10.0
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:-:amd64
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:-:amd64
  • MandrakeSoft Mandrake Linux 10.1
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.1
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:-:x86_64
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:-:x86_64
  • MandrakeSoft Mandrake Linux Corporate Server 2.1
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:-:x86_64
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:-:x86_64
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
  • Red Hat Desktop 3.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
  • Trustix Secure Linux 2.0
    cpe:2.3:o:trustix:secure_linux:2.0
  • Trustix Secure Linux 2.1
    cpe:2.3:o:trustix:secure_linux:2.1
CVSS
Base: 2.1 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200410-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200410-16 (PostgreSQL: Insecure temporary file use in make_oidjoins_check) The make_oidjoins_check script insecurely creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When make_oidjoins_check is called, this would result in file overwrite with the rights of the user running the utility, which could be the root user. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 15513
    published 2004-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15513
    title GLSA-200410-16 : PostgreSQL: Insecure temporary file use in make_oidjoins_check
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-149.NASL
    description The Trustix development team found insecure temporary file creation problems in a script included in the postgresql package. This could allow an attacker to trick a user into overwriting arbitrary files he has access to. The updated packages have been patched to prevent this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15957
    published 2004-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15957
    title Mandrake Linux Security Advisory : postgresql (MDKSA-2004:149)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_POSTGRESQL_CONTRIB_726.NASL
    description The following package needs to be updated: postgresql-contrib
    last seen 2016-09-26
    modified 2011-10-03
    plugin id 15807
    published 2004-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15807
    title FreeBSD : postgresql-contrib -- insecure temporary file creation (153)
  • NASL family Databases
    NASL id POSTGRESQL_TEMPFILE.NASL
    description The remote PostgreSQL server, according to its version number, is vulnerable to an unspecified insecure temporary file creation flaw, which may allow a local attacker to overwrite arbitrary files with the privileges of the application.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 15417
    published 2004-10-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15417
    title PostgreSQL make_oidjoins_check Arbitrary File Overwrite
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6A164D842F7F11D9A9E70001020EED82.NASL
    description The make_oidjoins_check script in the PostgreSQL RDBMS has insecure handling of temporary files, which could lead to an attacker overwriting arbitrary files with the credentials of the user running the make_oidjoins_check script.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 37716
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37716
    title FreeBSD : postgresql-contrib -- insecure temporary file creation (6a164d84-2f7f-11d9-a9e7-0001020eed82)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-489.NASL
    description Updated rh-postgresql packages that fix various bugs are now available. PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects, and user-defined types and functions). Trustix has identified improper temporary file usage in the make_oidjoins_check script. It is possible that an attacker could overwrite arbitrary file contents as the user running the make_oidjoins_check script. This script has been removed from the RPM file since it has no use to ordinary users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0977 to this issue. Additionally, the following non-security issues have been addressed : - Fixed a low probability risk for loss of recently committed transactions. - Fixed a low probability risk for loss of older data due to failure to update transaction status. - A lock file problem that sometimes prevented automatic restart after a system crash has been fixed. All users of rh-postgresql should upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 16016
    published 2004-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16016
    title RHEL 3 : rh-postgresql (RHSA-2004:489)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-6-1.NASL
    description Recently, Trustix Secure Linux discovered a vulnerability in the postgresql-contrib package. The script 'make_oidjoins_check' created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the script. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-25
    plugin id 20678
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20678
    title Ubuntu 4.10 : postgresql contributed script vulnerability (USN-6-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-577.NASL
    description Trustix Security Engineers identified insecure temporary file creation in a script included in the postgresql suite, an object-relational SQL database. This could lead an attacker to trick a user to overwrite arbitrary files he has write access to.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 15675
    published 2004-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15675
    title Debian DSA-577-1 : postgresql - insecure temporary file
oval via4
accepted 2013-04-29T04:13:30.900-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
family unix
id oval:org.mitre.oval:def:11360
status accepted
submitted 2010-07-09T03:56:16-04:00
title The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
version 24
redhat via4
advisories
rhsa
id RHSA-2004:489
refmap via4
bid 11295
confirm http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300
debian DSA-577
gentoo GLSA-200410-16
mandrake MDKSA-2004:149
openpkg OpenPKG-SA-2004.046
trustix 2004-0050
ubuntu USN-6-1
xf script-temporary-file-overwrite(17583)
Last major update 07-12-2016 - 21:59
Published 09-02-2005 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top