Oval Definition:	oval:org.mitre.oval:def:164
Revision Date: 2005-08-18 Version: 4 Title: Trustix Secure Linux der_chop Script Symlink Attack Vulnerability Description: The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2004-0975 Platform(s): Red Hat Enterprise Linux 3 Product(s): OpenSSL Definition Synopsis Software section Red Hat Enterprise 3 is installed AND openssl, openssl-devel, OR openssl-perl older than 0.9.7a-33.15 or openssl096b older than 0.9.6b-16.22.3 openssl-perl is older than 0.9.7a-33.15 OR openssl-devel older than 0.9.7a-33.15 OR openssl older than 0.9.7a-33.15 OR openssl096b package is older than 0.9.6b-16.22.3.i386.rpm AND Configuration section /tmp is writable by everyone
BACK