CVE-2004-0977
Published 2005-02-09
CVE-2004-0977: The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
Priority: P47 (low)
CVSS 2.0: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
EPSS: 0.45% (36.1th percentile)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux_corporate_server | — | — |
| postgresql | postgresql | >= 7.3.0 < 7.3.8 | 7.3.8 |
| postgresql | postgresql | >= 7.4.0 < 7.4.6 | 7.4.6 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| trustix | secure_linux | — | — |
| trustix | secure_linux | — | — |
CVSS provenance
nvd: CVSS v2.0, 2.1 LOW, AV:L/AC:L/Au:N/C:N/I:P/A:N
vendor_redhat: 2.1 LOW
GHSA
GHSA-6j7m-4j6m-84cw: The make_oidjoins_check script in PostgreSQL 7
ghsa_unreviewed·2022-04-29
CVE-2004-0977 [LOW] GHSA-6j7m-4j6m-84cw: The make_oidjoins_check script in PostgreSQL 7
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
Ubuntu
postgresql contributed script vulnerability
vendor_ubuntu·2004-10-27
CVE-2004-0977 postgresql contributed script vulnerability
Title: postgresql contributed script vulnerability
Summary: postgresql contributed script vulnerability
Recently, Trustix Secure Linux discovered a vulnerability in the
postgresql-contrib package. The script "make_oidjoins_check" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the script.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2004-09-30·CVSS 2.1
CVE-2004-0977 [LOW] security flaw
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0977 security flaw
bugzilla·2018-08-16·CVSS 2.1
CVE-2004-0977 [LOW] CVE-2004-0977 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
Bugzilla
CAN-2003-0977 fix pushed for RH9, but not FC1
bugzilla·2004-03-20
[MEDIUM] CAN-2003-0977 fix pushed for RH9, but not FC1
Description of problem:
CAN-2003-0977 fix pushed for RH9, but not FC1
Version-Release number of selected component (if applicable):
cvs-1.11.5-3
Additional info:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111221#c5
https://rhn.redhat.com/errata/RHSA-2004-003.html
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977
Discussion:
A rebuild from cvs-1.11.11-1 (or higher) from Fedora Development
at Fedora Core 1 solves the problem, so maybe one of the Red Hat
maintainers could do that? Would be very nice :)
BTW: Maybe the kerberos 4 support has to be disabled.
---
Maybe that issue is fixed soon by one of
References
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300
http://marc.info/?l=bugtraq&m=109910073808903&w=2
http://security.gentoo.org/glsa/glsa-200410-16.xml
http://www.debian.org/security/2004/dsa-577
http://www.mandriva.com/security/advisories?name=MDKSA-2004:149
http://www.redhat.com/support/errata/RHSA-2004-489.html
http://www.securityfocus.com/bid/11295
http://www.trustix.org/errata/2004/0050
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360
https://www.ubuntu.com/usn/usn-6-1/
Published: 2005-02-09