Vulnerability Name: CVE-2004-0967 (CCN-17583) Assigned: 2004-09-30 Published: 2004-09-30 Updated: 2017-10-11 Summary: The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-59 Vulnerability Consequences: File Manipulation References: Source: SCOSCOSA-2006.19 SCOSA-2006.23 Insecure tempfile handling http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321 CVE-2004-0966 CVE-2004-0967 CVE-2004-0968 CVE-2004-0969 CVE-2004-0970 CVE-2004-0971 CVE-2004-0972 CVE-2004-0974 CVE-2004-0975 CVE-2004-0976 CVE-2004-0977 rh-postgresql security update glibc security update krb5 security update ghostscript security update glibc security update openssl security update perl security update OpenSSL "der_chop" Script Insecure Temporary File Creation gzip Various Scripts Insecure Temporary File Creation 16997 17135 Red Hat update perl 19799 20056 perl security update (RHSA-2005-881) UnixWare GhostScript Insecure Temporary File Creation Vulnerability (SCOSA-2006.23) Logical Volume Manager (LVM) Vulnerability GZIP Insecure Temporary Files Perl Insecure Temporary Files/Directories postgresql -- insecure temporary file lvm10 -- insecure temporary directory gzip -- insecure temporary files openssl -- insecure temporary file perl -- insecure temporary files / directories glibc -- insecure temporary files gettext: Insecure temporary file handling PostgreSQL: Insecure temporary file use in make_oidjoins_check Ghostscript: Insecure temporary file use in multiple scripts glibc: Insecure tempfile handling in catchsegv script MIT krb5: Insecure temporary file use in send-pr.sh Netatalk: Insecure tempfile handling in etc2ps.sh OpenSSL, Groff: Insecure tempfile handling Davfs2, lvm-user: Insecure tempfile handling Perl: Insecure temporary file creation AppleTalk networking programs AppleTalk networking programs PostgreSQL gettext Perl File::Path GNU gettext Multiple Script Temporary File Symlink Arbitrary File Overwrite Netatalk etc2ps.sh Symlink Arbitrary File Modification GNU Troff groffer.sh Symlink Arbitrary File Manipulation LVM lvmcreate_initrd Symlink Arbitrary File Overwrite gzip gzexe Symlink Arbitrary File Overwrite gzip zdiff Symlink Arbitrary File Overwrite gzip znew Symlink Arbitrary File Overwrite GNU troff config.guess tempfile Function template Argument X Character Temporary File Symlink Arbitrary File Overwrite GNU troff contrib/groffer/perl/groffer.pl tempfile Function template Argument X Character Temporary File Symlink Arbitrary File Overwrite GNU troff contrib/groffer/perl/roff2.pl tempfile Function template Argument X Character Temporary File Symlink Arbitrary File Overwrite Updated gettext package fixes security issues RHSA-2005:081 GNU GetText Unspecified Insecure Temporary File Creation Vulnerability 11285 GhostScript Insecure Temporary File Creation Vulnerability GNU GLibC Insecure Temporary File Creation Vulnerability GNU Troff (Groff) Groffer Script Insecure Temporary File Creation Vulnerability GNU GZip Unspecified Insecure Temporary File Creation Vulnerability MIT Kerberos 5 SEND-PR.SH Insecure Temporary File Creation Vulnerability Trustix LVM Utilities Unspecified Insecure Temporary File Creation Vulnerability MySQL Unspecified Insecure Temporary File Creation Vulnerability NetaTalk Unspecified Insecure Temporary File Creation Vulnerability OpenSSL DER_CHOP Insecure Temporary File Creation Vulnerability Perl Unspecified Insecure Temporary File Creation Vulnerability PostgreSQL Insecure Temporary File Creation Vulnerability 2004-0050 Symlink attack may allow arbitrary file overwriting Symlink attack in openssl may allow arbitrary file overwriting Two vulnerabilities have been discovered in Postgresql Symlink attack in perl may allow arbitrary file overwriting Possible symlink attack may allow arbitrary file overwriting groff utility vulnerability lvm10 vulnerability perl vulnerabilities openssl script vulnerability GhostScript utility script vulnerabilities Standard C library script vulnerabilities gettext vulnerabilities postgresql contributed script vulnerability script-temporary-file-overwrite(17583) script-temporary-file-overwrite(17583) oval:org.mitre.oval:def:10284 USN-3-1 Vulnerable Configuration: Configuration 1 :cpe:/a:aladdin_enterprises:ghostscript:4.3:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:4.3.2:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:5.10.10:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:5.10.10:*:mdk:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:5.10.10_1:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:5.10.10_1:*:mdk:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:5.10.12cl:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:5.10.15:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:5.10.16:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:5.10cl:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:5.50:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:5.50.8:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:5.50.8_7:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:6.51:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:6.52:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:6.53:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:7.0.4:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:7.0.5:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:7.0.6:*:*:*:*:*:*:* OR cpe:/a:aladdin_enterprises:ghostscript:7.0.7:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:openssl:openssl:*:*:*:*:*:*:*:* OR cpe:/a:larry_wall:perl:*:*:*:*:*:*:*:* OR cpe:/a:artifex:ghostscript:*:*:*:*:*:*:*:* OR cpe:/a:postgresql:postgresql:*:*:*:*:*:*:*:* OR cpe:/a:gnu:groff:*:*:*:*:*:*:*:* OR cpe:/a:mysql:mysql:*:*:*:*:*:*:*:* OR cpe:/a:gnu:glibc:*:*:*:*:*:*:*:* OR cpe:/a:gnu:gzip:*:*:*:*:*:*:*:* OR cpe:/a:gnu:gettext:-:*:*:*:*:*:*:* OR cpe:/a:netatalk:netatalk:*:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos:*:*:*:*:*:*:*:* AND cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:* OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:fedoraproject:fedora_core:1:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:fedoraproject:fedora_core:2:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:* OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:* OR cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:* OR cpe:/o:fedoraproject:fedora_core:3:*:*:*:*:*:*:* OR cpe:/a:avaya:mn100:*:*:*:*:*:*:*:* OR cpe:/o:avaya:modular_messaging_message_storage_server:*:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:* Oval Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:10284 V The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. 2013-04-29 oval:com.redhat.rhsa:def:20050081 P RHSA-2005:081: ghostscript security update (Low) 2005-09-28
BACK
aladdin_enterprises ghostscript 4.3
aladdin_enterprises ghostscript 4.3.2
aladdin_enterprises ghostscript 5.10.10
aladdin_enterprises ghostscript 5.10.10
aladdin_enterprises ghostscript 5.10.10_1
aladdin_enterprises ghostscript 5.10.10_1
aladdin_enterprises ghostscript 5.10.12cl
aladdin_enterprises ghostscript 5.10.15
aladdin_enterprises ghostscript 5.10.16
aladdin_enterprises ghostscript 5.10cl
aladdin_enterprises ghostscript 5.50
aladdin_enterprises ghostscript 5.50.8
aladdin_enterprises ghostscript 5.50.8_7
aladdin_enterprises ghostscript 6.51
aladdin_enterprises ghostscript 6.52
aladdin_enterprises ghostscript 6.53
aladdin_enterprises ghostscript 7.0.4
aladdin_enterprises ghostscript 7.0.5
aladdin_enterprises ghostscript 7.0.6
aladdin_enterprises ghostscript 7.0.7
openssl openssl *
larry_wall perl *
artifex ghostscript *
postgresql postgresql *
gnu groff *
mysql mysql *
gnu glibc *
gnu gzip *
gnu gettext -
netatalk netatalk *
mit kerberos *
trustix secure linux 1.5
debian debian linux 3.0
openpkg openpkg current
gentoo linux *
mandrakesoft mandrake multi network firewall 8.2
mandrakesoft mandrake linux corporate server 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat linux 9.0
trustix secure linux 2.0
mandrakesoft mandrake linux 9.2
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
fedoraproject fedora core 1
trustix secure linux 2.1
mandrakesoft mandrake linux 10.0
redhat enterprise linux 3
fedoraproject fedora core 2
conectiva linux 10
openpkg openpkg 2.1
openpkg openpkg 2.2
mandrakesoft mandrake linux 10.1
fedoraproject fedora core 3
avaya mn100 *
avaya modular messaging message storage server *
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
mandrakesoft mandrake multi network firewall 2.0
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 2006
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux 2006
mandrakesoft mandrake linux corporate server 3.0
turbolinux turbolinux home *
mandrakesoft mandrake linux 9.2
mandrakesoft mandrake linux 10.0
mandrakesoft mandrake linux corporate server 2.1
Denotes that component is vulnerable