CVE-2004-0969

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313
http://secunia.com/advisories/18764
http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml	Patch Vendor Advisory
http://www.securityfocus.com/bid/11287	Patch Vendor Advisory
http://www.trustix.org/errata/2004/0050
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:gentoo:linux::::::::
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ia64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ppc:::::

History

No history.

Information

Published : 2005-02-09 05:00

Updated : 2023-12-10 10:28

NVD link : CVE-2004-0969

Mitre link : CVE-2004-0969

CVE.ORG link : CVE-2004-0969

JSON object : View

Products Affected

gentoo

linux

ubuntu

ubuntu_linux

gnu

groff

CWE

NVD-CWE-Other

{"id": "CVE-2004-0969", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-02-09T05:00:00.000", "references": [{"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18764", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11287", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.trustix.org/errata/2004/0050", "source": "cve@mitre.org"}, {"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files."}], "lastModified": "2017-07-11T01:30:37.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C3A17D1-F3A9-45FC-A943-C47B8121599C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}