Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0967

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-0967
Last Modified 21 Aug 2010 12:00:00
Published 09 Feb 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0967

Summary

The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.

Vulnerable Systems

Application

  • Aladdin Enterprises Ghostscript 4.3

  • Aladdin Enterprises Ghostscript 4.3.2

  • Aladdin Enterprises Ghostscript 5.10.10

  • Aladdin Enterprises Ghostscript 5.10.10 1

  • Aladdin Enterprises Ghostscript 5.10.12cl

  • Aladdin Enterprises Ghostscript 5.10.15

  • Aladdin Enterprises Ghostscript 5.10.16

  • Aladdin Enterprises Ghostscript 5.10cl

  • Aladdin Enterprises Ghostscript 5.50

  • Aladdin Enterprises Ghostscript 5.50.8

  • Aladdin Enterprises Ghostscript 5.50.8 7

  • Aladdin Enterprises Ghostscript 6.51

  • Aladdin Enterprises Ghostscript 6.52

  • Aladdin Enterprises Ghostscript 6.53

  • Aladdin Enterprises Ghostscript 7.0.4

  • Aladdin Enterprises Ghostscript 7.0.5

  • Aladdin Enterprises Ghostscript 7.0.6

  • Aladdin Enterprises Ghostscript 7.0.7


References

BID - 11285

XF - script-temporary-file-overwrite(17583)

TRUSTIX - 2004-0050

REDHAT - RHSA-2005:081

SECUNIA - 20056

SECUNIA - 19799

SECUNIA - 17135

SECUNIA - 16997

UBUNTU - USN-3-1

CONFIRM - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321

SCO - SCOSA-2006.23

SCO - SCOSA-2006.19


Last Updated: 27 May 2016 10:38:50