| Vulnerability Name: | CVE-2004-1296 (CCN-18660) | ||||||||
| Assigned: | 2004-12-21 | ||||||||
| Published: | 2004-12-21 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||
| References: | Source: CONFIRM Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371 Source: CONFIRM Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372 Source: MITRE Type: CNA CVE-2004-1296 Source: BUGTRAQ Type: UNKNOWN 20041220 [USN-43-1] groff utility vulnerabilities Source: CCN Type: OSVDB ID: 13447 GNU groff eqn2graph Symlink Arbitrary File Overwrite Source: CCN Type: OSVDB ID: 13448 GNU groff pic2graph Symlink Arbitrary File Overwrite Source: CCN Type: OSVDB ID: 74386 GNU troff contrib/eqn2graph/eqn2graph.sh Directory Creation Temporary File Symlink Arbitrary File Overwrite Source: CCN Type: OSVDB ID: 74387 GNU troff contrib/grap2graph/grap2graph.sh Directory Creation Temporary File Symlink Arbitrary File Overwrite Source: CCN Type: OSVDB ID: 74388 GNU troff contrib/pic2graph/pic2graph.sh Directory Creation Temporary File Symlink Arbitrary File Overwrite Source: CCN Type: USN-43-1 groff utility vulnerabilities Source: MANDRIVA Type: UNKNOWN MDKSA-2006:038 Source: XF Type: UNKNOWN groff-eqn2graph-pic2graph-symlink(18660) Source: XF Type: UNKNOWN groff-eqn2graph-pic2graph-symlink(18660) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||