Vulnerability Details : CVE-2004-0966
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Exploit prediction scoring system (EPSS) score for CVE-2004-0966
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-0966
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
References for CVE-2004-0966
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Multiple scripts temporary file overwrite CVE-2004-0977 Vulnerability Report
-
http://www.trustix.org/errata/2004/0050
Trustix | Empowering Trust and Security in the Digital Age
-
http://www.gentoo.org/security/en/glsa/glsa-200410-10.xml
-
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:051
-
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00000.html
-
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323
-
https://www.ubuntu.com/usn/usn-5-1/
-
http://marc.info/?l=bugtraq&m=110382652226638&w=2
-
http://www.securityfocus.com/bid/11282
Patch;Vendor Advisory
Products affected by CVE-2004-0966
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
- cpe:2.3:a:gnu:gettext:0.14.1:*:*:*:*:*:*:*