Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0372

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-0372
Last Modified 05 Sep 2008 04:38:16
Published 15 Apr 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0372

Summary

xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.

Vulnerable Systems

Application

  • Xine 0.9.13

  • Xine 1 Beta1

  • Xine 1 Beta10

  • Xine 1 Beta11

  • Xine 1 Beta12

  • Xine 1 Beta2

  • Xine 1 Beta3

  • Xine 1 Beta4

  • Xine 1 Beta5

  • Xine 1 Beta6

  • Xine 1 Beta7

  • Xine 1 Beta8

  • Xine 1 Beta9

  • Xine 1 Rc0a

  • Xine 1 Rc1

  • Xine 1 Rc2

  • Xine 1 Rc3

  • Xine 1 Rc3a

  • Xine 1 Rc3b


References

XF - xine-xinebugreport-xinecheck-symlink(15564)

DEBIAN - DSA-477

BID - 9939

GENTOO - GLSA-200404-20

BUGTRAQ - 20040320 xine-check/xine-bugreport symlink vulnerability.


Last Updated: 27 May 2016 10:38:34