Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2097

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-2097
Last Modified 05 Sep 2008 04:43:11
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2097

Summary

Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.

Vulnerable Systems

Operating System

  • Suse Linux 9.0


References

XF - suse-multiple-symlink-attack(14963)

BID - 9457

BUGTRAQ - 20040122 Re: [SuSE 9.0] possible symlink attacks in some scripts

BUGTRAQ - 20040121 [SuSE 9.0] possible symlink attacks in some scripts

SECTRACK - 1008781


Last Updated: 27 May 2016 10:39:21