Vulnerability Name: | CVE-2004-0770 (CCN-16884) | ||||||||
Assigned: | 2004-08-04 | ||||||||
Published: | 2004-08-04 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files. | ||||||||
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | File Manipulation | ||||||||
References: | Source: CONFIRM Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=263282&archive=yes Source: MITRE Type: CNA CVE-2004-0770 Source: CCN Type: SA12214 DGen Insecure Temporary File Creation Vulnerability Source: SECUNIA Type: UNKNOWN 12214 Source: CCN Type: OSVDB ID: 8300 DGen Symlink Arbitrary File Creation Source: BID Type: Vendor Advisory 10855 Source: CCN Type: BID-10855 DGen Emulator Symbolic Link Vulnerability Source: XF Type: UNKNOWN dgen-rom-decompression-symlink(16884) Source: XF Type: UNKNOWN dgen-rom-decompression-symlink(16884) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable | ||||||||
BACK |