CVE-2004-0977

8 documents6 sources

Severity

2.1LOW

EPSS

0.1%

top 74.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postgresql Postgresql Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server +3 more

Timeline

PublishedFeb 9

Latest updateApr 29

Description

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages5 packages

▶NVDpostgresql/postgresql7.3.0 — 7.3.8+1

▶NVDtrustix/secure_linux2.0, 2.1+1

▶NVDmandrakesoft/mandrake_linux10.0, 10.1, 9.2+2

▶NVDredhat/enterprise_linux_desktop3.0

▶NVDmandrakesoft/mandrake_linux_corporate_server2.1

Also affects: Enterprise Linux 3.0

Patches

Patch: www.debian.org ↗Patch: www.securityfocus.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-6j7m-4j6m-84cw: The make_oidjoins_check script in PostgreSQL 7↗2022-04-29

▶

CVEList

CVE-2004-0977: The make_oidjoins_check script in PostgreSQL 7↗2004-10-20

▶

📋Vendor Advisories

Ubuntu

postgresql contributed script vulnerability↗2004-10-27

▶

Red Hat

security flaw↗2004-09-30

▶

💬Community

Bugzilla

CVE-2004-0977 security flaw↗2018-08-16

▶

Bugzilla

CAN-2003-0977 fix pushed for RH9, but not FC1↗2004-03-20

▶