Vulnerability Details : CVE-2004-0977
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
Exploit prediction scoring system (EPSS) score for CVE-2004-0977
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-0977
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
References for CVE-2004-0977
-
http://www.securityfocus.com/bid/11295
Patch;Third Party Advisory;VDB Entry;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Multiple scripts temporary file overwrite CVE-2004-0977 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.trustix.org/errata/2004/0050
Trustix | Empowering Trust and Security in the Digital AgeThird Party Advisory
-
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300
136300 – CAN-2004-0977 temporary file vulnerabilities in make_oidjoins_check scriptIssue Tracking
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360
404 Not FoundBroken Link
-
http://www.mandriva.com/security/advisories?name=MDKSA-2004:149
Advisories - Mandriva LinuxThird Party Advisory
-
http://security.gentoo.org/glsa/glsa-200410-16.xml
PostgreSQL: Insecure temporary file use in make_oidjoins_check (GLSA 200410-16) — Gentoo securityThird Party Advisory
-
http://www.debian.org/security/2004/dsa-577
[SECURITY] [DSA 577-1] New postgresql packages fix symlink vulnerabilityPatch;Vendor Advisory
-
https://www.ubuntu.com/usn/usn-6-1/
USN-6-1: postgresql contributed script vulnerability | Ubuntu security notices | UbuntuThird Party Advisory
-
http://marc.info/?l=bugtraq&m=109910073808903&w=2
'[OpenPKG-SA-2004.046] OpenPKG Security Advisory (postgresql)' - MARCThird Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2004-489.html
SupportBroken Link
Products affected by CVE-2004-0977
- cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
- cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*