Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2004-0975

Published: 09/02/2005 Updated: 11/10/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Mandrake Multi Network Firewall

Vulnerability Summary

The der_chop script in the openssl package in Trustix Secure Linux 1.5 up to and including 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Vulnerable Product Search on Vulmon Subscribe to Product

mandrakesoft mandrake multi network firewall 8.2

openssl openssl 0.9.6f

openssl openssl 0.9.6g

openssl openssl 0.9.6h

openssl openssl 0.9.7d

openssl openssl 0.9.6b

openssl openssl 0.9.6c

openssl openssl 0.9.6k

openssl openssl 0.9.6l

openssl openssl 0.9.6

openssl openssl 0.9.6a

openssl openssl 0.9.6i

openssl openssl 0.9.6j

openssl openssl 0.9.6d

openssl openssl 0.9.6e

openssl openssl 0.9.6m

openssl openssl 0.9.7c

mandrakesoft mandrake linux 9.2

mandrakesoft mandrake linux corporate server 2.1

mandrakesoft mandrake linux 10.0

mandrakesoft mandrake linux 10.1

gentoo linux

Vendor Advisories

Red Hat: openssl security update
Synopsis openssl security update Type/Severity Security Advisory: Moderate Topic Updated OpenSSL packages that fix security issues are now availableThis update has been rated as having moderate security impact by the RedHat Security Response Team Description OpenSSL is a toolkit that impl ...
Ubuntu Security Notice: openssl script vulnerability
Recently, Trustix Secure Linux discovered a vulnerability in the openssl package The auxiliary script “der_chop” created temporary files in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program ...
Debian Security Advisories: DSA-603-1 openssl -- insecure temporary file
Trustix developers discovered insecure temporary file creation in a supplemental script (der_chop) of the openssl package which may allow local users to overwrite files via a symlink attack For the stable distribution (woody) this problem has been fixed in version 096c-2woody7 For the unstable distribution (sid) this problem has been fixed in ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/11293http://www.debian.org/security/2004/dsa-603http://www.gentoo.org/security/en/glsa/glsa-200411-15.xmlhttp://www.trustix.org/errata/2004/0050http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302http://secunia.com/advisories/12973http://www.redhat.com/support/errata/RHSA-2005-476.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/17583https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621https://access.redhat.com/errata/RHSA-2005:476https://usn.ubuntu.com/24-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook