CVE-2004-0559 — Usermin vulnerability

3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 78.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server Usermin +1 more

Timeline

PublishedOct 20

Latest updateApr 29

Description

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

▶NVDusermin/usermin9 versions+8

▶NVDwebmin/webmin13 versions+12

▶NVDmandrakesoft/mandrake_linux10.0, 9.2+1

▶NVDmandrakesoft/mandrake_linux_corporate_server2.1

Patches

Patch: secunia.com ↗Patch: www.gentoo.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-2vv4-9m64-9pj6: The maketemp↗2022-04-29

▶

CVEList

CVE-2004-0559: The maketemp↗2004-09-24

▶