CVE-2004-0968 : The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite

The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.

Published 2005-02-09 05:00:00

Updated 2017-10-11 01:29:39

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2004-0968

Redhat » Enterprise Linux » Version: 3.0 Enterprise Server Edition
cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 3.0 Workstation Server Edition
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 3.0 Advanced Server Edition
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 3.0
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.1
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.1.2
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.1.3
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.0
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.1.1
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.1.3.10
cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.0.6
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.2.1
cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.2.2
cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.0.4
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.0.5
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.2
cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.0.1
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.0.2
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.0.3
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.2.5
cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.3
cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.1.1.6
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.2.3
cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.2.4
cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.3.1
cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.3.2
cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.1.9
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.3.10
cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.3.3
cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
Matching versions
GNU » Glibc » Version: 2.3.4
cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0968

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0968

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2004-0968

https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

Multiple scripts temporary file overwrite CVE-2004-0977 Vulnerability Report

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2004-586.html

Support
http://www.debian.org/security/2005/dsa-636

[SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary files

CVEs referencing this url
http://www.trustix.org/errata/2004/0050

Trustix | Empowering Trust and Security in the Digital Age

CVEs referencing this url
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318

136318 – CAN-2004-0968 temporary file vulnerabilities in catchsegv script
http://www.redhat.com/support/errata/RHSA-2005-261.html

Support

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9523

404 Not Found
https://www.ubuntu.com/usn/usn-4-1/

USN-4-1: Standard C library script vulnerabilities | Ubuntu security notices | Ubuntu
http://www.securityfocus.com/bid/11286

Patch;Vendor Advisory
http://security.gentoo.org/glsa/glsa-200410-19.xml

glibc: Insecure tempfile handling in catchsegv script (GLSA 200410-19) — Gentoo security

Jump to

Vulnerability Details : CVE-2004-0968

Products affected by CVE-2004-0968

Exploit prediction scoring system (EPSS) score for CVE-2004-0968

CVSS scores for CVE-2004-0968

References for CVE-2004-0968