Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0844

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2003-0844
Last Modified 07 Mar 2011 09:13:09
Published 17 Nov 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0844

Summary

mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.

Vulnerable Systems

Application

  • Dag Apt Repository Mod Gzip 1.3.26.1a


References

BUGTRAQ - 20030601 Mod_gzip Debug Mode Vulnerabilities


Last Updated: 27 May 2016 10:38:05