CVE-2004-0975
published 2005-02-09CVE-2004-0975: The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a…
PriorityP46low2.1CVSS 2.0
AVLACLAuNCNIPAN
EPSS
0.41%
33.4th percentile
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 0.9.7e-3 (bookworm) | openssl 0.9.7e-3 (bookworm) |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux_corporate_server | — | — |
| mandrakesoft | mandrake_multi_network_firewall | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 0.9.7e-3 | 0.9.7e-3 |
| openssl | openssl | >= 0 < 0.9.7e-3 | 0.9.7e-3 |
| openssl | openssl | >= 0 < 0.9.7e-3 | 0.9.7e-3 |
CVSS provenance
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:N/I:P/A:N
osv2.1LOW
vendor_debian2.1LOW
vendor_redhat2.1LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
openssl script vulnerability
vendor_ubuntu·2004-11-12
CVE-2004-0975 openssl script vulnerability
Title: openssl script vulnerability
Summary: openssl script vulnerability
Recently, Trustix Secure Linux discovered a vulnerability in the
openssl package. The auxiliary script "der_chop" created temporary
files in an insecure way, which could allow a symlink attack to create
or overwrite arbitrary files with the privileges of the user invoking
the program.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2004-09-30·CVSS 2.1
CVE-2004-0975 [LOW] security flaw
security flaw
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2004-0975: openssl - The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2...
vendor_debian·2004·CVSS 2.1
CVE-2004-0975 [LOW] CVE-2004-0975: openssl - The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2...
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
Scope: local
bookworm: resolved (fixed in 0.9.7e-3)
bullseye: resolved (fixed in 0.9.7e-3)
forky: resolved (fixed in 0.9.7e-3)
sid: resolved (fixed in 0.9.7e-3)
trixie: resolved (fixed in 0.9.7e-3)
GHSA
GHSA-53cg-whph-j92f: The der_chop script in the openssl package in Trustix Secure Linux 1
ghsa_unreviewed·2022-04-29
CVE-2004-0975 [LOW] GHSA-53cg-whph-j92f: The der_chop script in the openssl package in Trustix Secure Linux 1
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
OSV
CVE-2004-0975: The der_chop script in the openssl package in Trustix Secure Linux 1
osv·2005-02-09·CVSS 2.1
CVE-2004-0975 [LOW] CVE-2004-0975: The der_chop script in the openssl package in Trustix Secure Linux 1
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
No detection rules found.
No public exploits indexed.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302http://secunia.com/advisories/12973http://www.debian.org/security/2004/dsa-603http://www.gentoo.org/security/en/glsa/glsa-200411-15.xmlhttp://www.redhat.com/support/errata/RHSA-2005-476.htmlhttp://www.securityfocus.com/bid/11293http://www.trustix.org/errata/2004/0050https://exchange.xforce.ibmcloud.com/vulnerabilities/17583https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302http://secunia.com/advisories/12973http://www.debian.org/security/2004/dsa-603http://www.gentoo.org/security/en/glsa/glsa-200411-15.xmlhttp://www.redhat.com/support/errata/RHSA-2005-476.htmlhttp://www.securityfocus.com/bid/11293http://www.trustix.org/errata/2004/0050https://exchange.xforce.ibmcloud.com/vulnerabilities/17583https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164
2005-02-09
Published