CVE-2004-0975

9 documents8 sources

Severity

2.1LOW

EPSS

0.1%

top 77.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server Mandrakesoft Mandrake Multi Network Firewall +1 more

Timeline

PublishedFeb 9

Latest updateApr 29

Description

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages5 packages

▶Debianopenssl< 0.9.7e-3+3

▶NVDopenssl/openssl16 versions+15

▶NVDmandrakesoft/mandrake_linux10.0, 10.1, 9.2+2

▶NVDmandrakesoft/mandrake_linux_corporate_server2.1

▶NVDmandrakesoft/mandrake_multi_network_firewall8.2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-53cg-whph-j92f: The der_chop script in the openssl package in Trustix Secure Linux 1↗2022-04-29

▶

OSV

CVE-2004-0975: The der_chop script in the openssl package in Trustix Secure Linux 1↗2005-02-09

▶

CVEList

CVE-2004-0975: The der_chop script in the openssl package in Trustix Secure Linux 1↗2004-10-20

▶

📋Vendor Advisories

Ubuntu

openssl script vulnerability↗2004-11-12

▶

Red Hat

security flaw↗2004-09-30

▶

Debian

CVE-2004-0975: openssl - The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2...↗2004

▶

💬Community

Bugzilla

CVE-2004-0975 security flaw↗2018-08-16

▶