Vulnerability Details : CVE-2004-0969
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Exploit prediction scoring system (EPSS) score for CVE-2004-0969
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-0969
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
References for CVE-2004-0969
-
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Multiple scripts temporary file overwrite CVE-2004-0977 Vulnerability Report
-
http://www.trustix.org/errata/2004/0050
Trustix | Empowering Trust and Security in the Digital Age
-
http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/11287
Patch;Vendor Advisory
Products affected by CVE-2004-0969
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
- cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*