| Vulnerability Name: | CVE-2004-1336 (CCN-18708) | ||||||||
| Assigned: | 2004-12-19 | ||||||||
| Published: | 2004-12-19 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||
| References: | Source: CCN Type: Debian Bug Report Log #286370 xdvizilla: Vulnerable to symlink attack in temporary directory Source: CONFIRM Type: Vendor Advisory http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286370 Source: MITRE Type: CNA CVE-2004-1336 Source: CCN Type: xdvizilla Web page xdvizilla Source: BUGTRAQ Type: UNKNOWN 20041223 [USN-51-1] teTeX auxiliary script vulnerability Source: CCN Type: OSVDB ID: 13536 tetex-bin xdvizilla Symlink File Overwrite Source: BID Type: Patch, Vendor Advisory 12100 Source: CCN Type: BID-12100 Debian Tetex-Bin Xdvizilla Insecure Temporary File Creation Vulnerability Source: CCN Type: USN-51-1 teTeX auxiliary script vulnerability Source: XF Type: UNKNOWN xdvizilla-symlink(18708) Source: XF Type: UNKNOWN xdvizilla-symlink(18708) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||