CVE-2004-1000

13 documents6 sources

Severity

2.1LOW

EPSS

0.1%

top 78.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Lintian

Timeline

PublishedJan 10

Latest updateApr 29

Description

lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debianlintian< 1.23.6+3

▶NVDdebian/lintian1.2_0.17.1

🔴Vulnerability Details

GHSA

GHSA-j94j-9h78-829f: lintian 1↗2022-04-29

▶

CVEList

CVE-2004-1000: lintian 1↗2005-01-19

▶

OSV

CVE-2004-1000: lintian 1↗2004-01-10

▶

💥Exploits & PoCs

Exploit-DB

Medal of Honor Spearhead (Linux) - Server Remote Buffer Overflow↗2005-02-18

▶

Exploit-DB

AIX 5.1 < 5.3 - paginit Local Stack Overflow↗2004-12-20

▶

Exploit-DB

OpenText FirstClass 8.0 - HTTP Daemon /Search Remote Denial of Service↗2004-12-15

▶

Exploit-DB

Ground Control 1.0.0.7 - 'Server/Client' Denial of Service↗2004-08-31

▶

Exploit-DB

BadBlue 2.52 Web Server - Multiple Connections Denial of Service Vulnerabilities↗2004-08-26

▶

📋Vendor Advisories

Debian

CVE-2004-1000: lintian - lintian 1.23 and earlier removes the working directory even if it was not create...↗2004

▶