CVE-2004-0969

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/11287	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml	Patch Vendor Advisory
http://www.trustix.org/errata/2004/0050
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038
http://secunia.com/advisories/18764
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:gentoo:linux::::::::
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ia64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ppc:::::

Information

Published : 2005-02-08 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-0969

Mitre link : CVE-2004-0969

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

gnu

groff

gentoo

linux

ubuntu

ubuntu_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/11287", "name": "11287", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml", "name": "GLSA-200411-15", "tags": ["Patch", "Vendor Advisory"], "refsource": "GENTOO"}, {"url": "http://www.trustix.org/errata/2004/0050", "name": "2004-0050", "tags": [], "refsource": "TRUSTIX"}, {"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313", "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313", "tags": [], "refsource": "CONFIRM"}, {"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038", "name": "MDKSA-2006:038", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/18764", "name": "18764", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583", "name": "script-temporary-file-overwrite(17583)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0969", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-02-09T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}