Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0975

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-0975
Last Modified 21 Aug 2010 12:21:34
Published 09 Feb 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0975

Summary

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Vulnerable Systems

Operating System

  • Gentoo Linux

  • Mandrakesoft Mandrake Linux 10.0

  • Mandrakesoft Mandrake Linux 10.1

  • Mandrakesoft Mandrake Linux 9.2

  • Mandrakesoft Mandrake Linux Corporate Server 2.1

Application

  • Mandrakesoft Mandrake Multi Network Firewall 8.2

  • Openssl 0.9.6

  • Openssl 0.9.6a

  • Openssl 0.9.6b

  • Openssl 0.9.6c

  • Openssl 0.9.6d

  • Openssl 0.9.6e

  • Openssl 0.9.6f

  • Openssl 0.9.6g

  • Openssl 0.9.6h

  • Openssl 0.9.6i

  • Openssl 0.9.6j

  • Openssl 0.9.6k

  • Openssl 0.9.6l

  • Openssl 0.9.6m

  • Openssl 0.9.7c

  • Openssl 0.9.7d


References

BID - 11293

XF - script-temporary-file-overwrite(17583)

TRUSTIX - 2004-0050

GENTOO - GLSA-200411-15

DEBIAN - DSA-603

SECUNIA - 12973

CONFIRM - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302

REDHAT - RHSA-2005:476


Last Updated: 27 May 2016 10:38:50