CVE-2004-0966 — Gettext vulnerability

6 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 77.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Gettext Ubuntu Linux

Timeline

PublishedFeb 9

Latest updateApr 29

Description

The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debiangnu/gettext< 0.14.1-6+3

▶NVDgnu/gettext0.14.1

Also affects: Ubuntu Linux 4.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6w8j-6937-5hm5: The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1↗2022-04-29

▶

OSV

CVE-2004-0966: The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1↗2005-02-09

▶

CVEList

CVE-2004-0966: The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1↗2004-10-20

▶

📋Vendor Advisories

Ubuntu

gettext vulnerabilities↗2004-10-27

▶

Debian

CVE-2004-0966: gettext - The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and...↗2004

▶