Vulnerability Details : CVE-2004-0969
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Products affected by CVE-2004-0969
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
- cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0969
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0969
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
References for CVE-2004-0969
-
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313
136313 – CAN-2004-0969 temporary file vulnerabilities in groffer script
-
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038
Mandriva
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Multiple scripts temporary file overwrite CVE-2004-0977 Vulnerability Report
-
http://www.trustix.org/errata/2004/0050
Trustix | Empowering Trust and Security in the Digital Age
-
http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml
OpenSSL, Groff: Insecure tempfile handling (GLSA 200411-15) — Gentoo securityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/11287
Patch;Vendor Advisory
Jump to