Vulnerability Name:

CVE-2004-0972 (CCN-17583)

Assigned:2004-09-30
Published:2004-09-30
Updated:2017-10-11
Summary:The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: Trustix Secure Linux Bugfix Advisory #2004-0050
Insecure tempfile handling

Source: CONFIRM
Type: UNKNOWN
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136308

Source: MITRE
Type: CNA
CVE-2004-0966

Source: MITRE
Type: CNA
CVE-2004-0967

Source: MITRE
Type: CNA
CVE-2004-0968

Source: MITRE
Type: CNA
CVE-2004-0969

Source: MITRE
Type: CNA
CVE-2004-0970

Source: MITRE
Type: CNA
CVE-2004-0971

Source: MITRE
Type: CNA
CVE-2004-0972

Source: MITRE
Type: CNA
CVE-2004-0974

Source: MITRE
Type: CNA
CVE-2004-0975

Source: MITRE
Type: CNA
CVE-2004-0976

Source: MITRE
Type: CNA
CVE-2004-0977

Source: REDHAT
Type: UNKNOWN
RHBA-2004:232

Source: CCN
Type: RHSA-2004-489
rh-postgresql security update

Source: CCN
Type: RHSA-2004-586
glibc security update

Source: CCN
Type: RHSA-2005-012
krb5 security update

Source: CCN
Type: RHSA-2005-081
ghostscript security update

Source: CCN
Type: RHSA-2005-261
glibc security update

Source: CCN
Type: RHSA-2005-476
openssl security update

Source: CCN
Type: RHSA-2005-881
perl security update

Source: CCN
Type: SA12973
OpenSSL "der_chop" Script Insecure Temporary File Creation

Source: CCN
Type: SA13131
gzip Various Scripts Insecure Temporary File Creation

Source: CCN
Type: SA18075
Red Hat update perl

Source: CCN
Type: ASA-2006-008
perl security update (RHSA-2005-881)

Source: CCN
Type: ASA-2006-101
UnixWare GhostScript Insecure Temporary File Creation Vulnerability (SCOSA-2006.23)

Source: CCN
Type: CIAC Information Bulletin P-030
Logical Volume Manager (LVM) Vulnerability

Source: CCN
Type: CIAC Information Bulletin P-032
GZIP Insecure Temporary Files

Source: CCN
Type: CIAC Information Bulletin P-086
Perl Insecure Temporary Files/Directories

Source: DEBIAN
Type: DSA-577
postgresql -- insecure temporary file

Source: DEBIAN
Type: DSA-583
lvm10 -- insecure temporary directory

Source: DEBIAN
Type: DSA-588
gzip -- insecure temporary files

Source: DEBIAN
Type: DSA-603
openssl -- insecure temporary file

Source: DEBIAN
Type: DSA-620
perl -- insecure temporary files / directories

Source: DEBIAN
Type: DSA-636
glibc -- insecure temporary files

Source: CCN
Type: GLSA-200410-10
gettext: Insecure temporary file handling

Source: CCN
Type: GLSA-200410-16
PostgreSQL: Insecure temporary file use in make_oidjoins_check

Source: CCN
Type: GLSA-200410-18
Ghostscript: Insecure temporary file use in multiple scripts

Source: CCN
Type: GLSA-200410-19
glibc: Insecure tempfile handling in catchsegv script

Source: CCN
Type: GLSA-200410-24
MIT krb5: Insecure temporary file use in send-pr.sh

Source: CCN
Type: GLSA-200410-25
Netatalk: Insecure tempfile handling in etc2ps.sh

Source: CCN
Type: GLSA-200411-15
OpenSSL, Groff: Insecure tempfile handling

Source: CCN
Type: GLSA-200411-22
Davfs2, lvm-user: Insecure tempfile handling

Source: CCN
Type: GLSA-200412-04
Perl: Insecure temporary file creation

Source: CCN
Type: Fedora Update Notification FEDORA-2004-505
AppleTalk networking programs

Source: CCN
Type: Fedora Update Notification FEDORA-2004-506
AppleTalk networking programs

Source: CCN
Type: OpenPKG-SA-2004.046
PostgreSQL

Source: CCN
Type: OpenPKG-SA-2004.055
gettext

Source: CCN
Type: OpenPKG-SA-2005.001
Perl File::Path

Source: CCN
Type: OSVDB ID: 10646
GNU gettext Multiple Script Temporary File Symlink Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 11123
Netatalk etc2ps.sh Symlink Arbitrary File Modification

Source: CCN
Type: OSVDB ID: 11130
GNU Troff groffer.sh Symlink Arbitrary File Manipulation

Source: CCN
Type: OSVDB ID: 11392
LVM lvmcreate_initrd Symlink Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 11536
gzip gzexe Symlink Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 11543
gzip zdiff Symlink Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 11544
gzip znew Symlink Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 74389
GNU troff config.guess tempfile Function template Argument X Character Temporary File Symlink Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 74390
GNU troff contrib/groffer/perl/groffer.pl tempfile Function template Argument X Character Temporary File Symlink Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 74391
GNU troff contrib/groffer/perl/roff2.pl tempfile Function template Argument X Character Temporary File Symlink Arbitrary File Overwrite

Source: CCN
Type: FLSA:136323
Updated gettext package fixes security issues

Source: CCN
Type: BID-11282
GNU GetText Unspecified Insecure Temporary File Creation Vulnerability

Source: CCN
Type: BID-11285
GhostScript Insecure Temporary File Creation Vulnerability

Source: CCN
Type: BID-11286
GNU GLibC Insecure Temporary File Creation Vulnerability

Source: CCN
Type: BID-11287
GNU Troff (Groff) Groffer Script Insecure Temporary File Creation Vulnerability

Source: CCN
Type: BID-11288
GNU GZip Unspecified Insecure Temporary File Creation Vulnerability

Source: CCN
Type: BID-11289
MIT Kerberos 5 SEND-PR.SH Insecure Temporary File Creation Vulnerability

Source: BID
Type: Patch, Vendor Advisory
11290

Source: CCN
Type: BID-11290
Trustix LVM Utilities Unspecified Insecure Temporary File Creation Vulnerability

Source: CCN
Type: BID-11291
MySQL Unspecified Insecure Temporary File Creation Vulnerability

Source: CCN
Type: BID-11292
NetaTalk Unspecified Insecure Temporary File Creation Vulnerability

Source: CCN
Type: BID-11293
OpenSSL DER_CHOP Insecure Temporary File Creation Vulnerability

Source: CCN
Type: BID-11294
Perl Unspecified Insecure Temporary File Creation Vulnerability

Source: CCN
Type: BID-11295
PostgreSQL Insecure Temporary File Creation Vulnerability

Source: TRUSTIX
Type: Patch, Vendor Advisory
2004-0050

Source: CCN
Type: TLSA-2005-13
Symlink attack may allow arbitrary file overwriting

Source: CCN
Type: TLSA-2005-14
Symlink attack in openssl may allow arbitrary file overwriting

Source: CCN
Type: TLSA-2005-22
Two vulnerabilities have been discovered in Postgresql

Source: CCN
Type: TLSA-2005-35
Symlink attack in perl may allow arbitrary file overwriting

Source: CCN
Type: TLSA-2005-9
Possible symlink attack may allow arbitrary file overwriting

Source: CCN
Type: USN-13-1
groff utility vulnerability

Source: CCN
Type: USN-15-1
lvm10 vulnerability

Source: CCN
Type: USN-16-1
perl vulnerabilities

Source: CCN
Type: USN-24-1
openssl script vulnerability

Source: CCN
Type: USN-3-1
GhostScript utility script vulnerabilities

Source: CCN
Type: USN-4-1
Standard C library script vulnerabilities

Source: CCN
Type: USN-5-1
gettext vulnerabilities

Source: CCN
Type: USN-6-1
postgresql contributed script vulnerability

Source: XF
Type: UNKNOWN
script-temporary-file-overwrite(17583)

Source: XF
Type: UNKNOWN
script-temporary-file-overwrite(17583)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10632

Vulnerable Configuration:Configuration 1:
  • cpe:/a:lvm:logical_volume_management_utilities:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:lvm:logical_volume_management_utilities:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:lvm:logical_volume_management_utilities:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:lvm:logical_volume_management_utilities:1.0.8:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:openssl:openssl:*:*:*:*:*:*:*:*
  • OR cpe:/a:larry_wall:perl:*:*:*:*:*:*:*:*
  • OR cpe:/a:artifex:ghostscript:*:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:*:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:*:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:*:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:*:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gzip:*:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gettext:-:*:*:*:*:*:*:*
  • OR cpe:/a:netatalk:netatalk:*:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora_core:1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora_core:2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora_core:3:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:mn100:*:*:*:*:*:*:*:*
  • OR cpe:/o:avaya:modular_messaging_message_storage_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:10632
    V
    		The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
    2013-04-29
    oval:org.debian:def:583
    V
    		insecure temporary directory
    2004-11-03
    BACK
    lvm logical volume management utilities 1.0.1
    lvm logical volume management utilities 1.0.4
    lvm logical volume management utilities 1.0.7
    lvm logical volume management utilities 1.0.8
    gentoo linux *
    openssl openssl *
    larry_wall perl *
    artifex ghostscript *
    postgresql postgresql *
    gnu groff *
    mysql mysql *
    gnu glibc *
    gnu gzip *
    gnu gettext -
    netatalk netatalk *
    mit kerberos *
    trustix secure linux 1.5
    debian debian linux 3.0
    openpkg openpkg current
    gentoo linux *
    mandrakesoft mandrake multi network firewall 8.2
    mandrakesoft mandrake linux corporate server 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux 9.0
    trustix secure linux 2.0
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    fedoraproject fedora core 1
    trustix secure linux 2.1
    mandrakesoft mandrake linux 10.0
    redhat enterprise linux 3
    fedoraproject fedora core 2
    conectiva linux 10
    openpkg openpkg 2.1
    openpkg openpkg 2.2
    mandrakesoft mandrake linux 10.1
    fedoraproject fedora core 3
    avaya mn100 *
    avaya modular messaging message storage server *
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake multi network firewall 2.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux home *
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1