CVE-2004-0966

medium

Description

The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

References

https://www.ubuntu.com/usn/usn-5-1/

https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:051

http://www.trustix.org/errata/2004/0050

http://www.securityfocus.com/bid/11282

http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00000.html

http://www.gentoo.org/security/en/glsa/glsa-200410-10.xml

http://marc.info/?l=bugtraq&m=110382652226638&w=2

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323

Details

Source: Mitre, NVD

Published: 2005-02-09

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium