Vulnerability Details : CVE-2004-0966
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
Products affected by CVE-2004-0966
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
- cpe:2.3:a:gnu:gettext:0.14.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0966
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0966
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N | 3.9 | 2.9 | NIST | |
References for CVE-2004-0966
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
  Multiple scripts temporary file overwrite CVE-2004-0977 Vulnerability Report
- http://www.trustix.org/errata/2004/0050
  Trustix | Empowering Trust and Security in the Digital Age
- http://www.gentoo.org/security/en/glsa/glsa-200410-10.xml
  gettext: Insecure temporary file handling (GLSA 200410-10) — Gentoo security
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:051
  Mandriva
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00000.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323
  136323 – CAN-2004-0966 temporary file vulnerabilities in various gettext scripts.
- https://www.ubuntu.com/usn/usn-5-1/
  USN-5-1: gettext vulnerabilities | Ubuntu security notices | Ubuntu
- http://marc.info/?l=bugtraq&m=110382652226638&w=2
  '[OpenPKG-SA-2004.055] OpenPKG Security Advisory (gettext)' - MARC
- http://www.securityfocus.com/bid/11282
  Patch; Vendor Advisory