CVE-2004-0975
Advisory lineage Upstream: 0 Downstream: 3
Downstream
Modified
Published: 20 Oct 2004, 04:00
Last modified:08 Aug 2024, 00:39
Vulnerability Summary
Overall Risk (default)
minimal
8/100 CVSS Score
2.1 LOW
v2.0 (nvd)
EPSS Score
0.08% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
20 Oct 2004, 04:00
Published
Vulnerability first disclosed
08 Aug 2024, 00:39
Last Modified
Vulnerability information updated
Description
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
CVSS Metrics
- v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:N/I:P/A:N
EPSS Trends
Current EPSS score: 0.08%• Percentile: 23%
Affected Systems
- mandrakesoft•mandrake_linux
9.2 | 10.0 | 10.1
- mandrakesoft•mandrake_linux_corporate_server
2.1
- mandrakesoft•mandrake_multi_network_firewall
8.2
- Unknown•OpenSSL
0.9.6 | 0.9.6a | 0.9.6b | 0.9.6c | 0.9.6d | 0.9.6e | 0.9.6f | 0.9.6g | 0.9.6h | 0.9.6i | 0.9.6j | 0.9.6k | 0.9.6l | 0.9.6m | 0.9.7c | 0.9.7d
References (10)
- http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- http://www.trustix.org/errata/2004/0050
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164
- http://www.debian.org/security/2004/dsa-603
- http://www.redhat.com/support/errata/RHSA-2005-476.html
- http://www.securityfocus.com/bid/11293
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621
- http://secunia.com/advisories/12973