CVE-2004-0581 — Ksymoops vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 76.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Ksymoops Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server

Timeline

PublishedAug 6

Latest updateApr 29

Description

ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶NVDmandrakesoft/mandrake_linux_corporate_server2.1

▶NVDmandrakesoft/mandrake_linux10.0, 9.1, 9.2+2

▶NVDgnu/ksymoops2.4.5, 2.4.8, 2.4.9+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-f6c5-3fww-hpc6: ksymoops-gznm script in Mandrake Linux 9↗2022-04-29

▶

CVEList

CVE-2004-0581: ksymoops-gznm script in Mandrake Linux 9↗2004-06-23

▶