CVE-2004-0966

Summary

CVE	CVE-2004-0966
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-02-09 05:00:00 UTC
Updated	2017-07-11 01:30:00 UTC
Description	The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnu	Gettext	0.14.1	All	All	All
Application	Gnu	Gettext	0.14.1	All	All	All
Operating System	Ubuntu	Ubuntu Linux	4.1	All	ia64	All
Operating System	Ubuntu	Ubuntu Linux	4.1	All	ppc	All
Operating System	Ubuntu	Ubuntu Linux	4.1	All	ia64	All
Operating System	Ubuntu	Ubuntu Linux	4.1	All	ppc	All

References

Reference	Source	Link	Tags
2004-0050	TRUSTIX	www.trustix.org
usn/usn-5-1 - Ubuntu Linux	UBUNTU	www.ubuntu.com
136323 – CAN-2004-0966 temporary file vulnerabilities in various gettext scripts.	CONFIRM	bugzilla.redhat.com
[FLSA-2006:136323] Updated gettext package fixes security issues	FEDORA	www.redhat.com
GNU GetText Unspecified Insecure Temporary File Creation Vulnerability	BID	www.securityfocus.com	Patch, Vendor Advisory
Advisories - Mandriva	MANDRIVA	wwwnew.mandriva.com
'[OpenPKG-SA-2004.055] OpenPKG Security Advisory (gettext)' - MARC	OPENPKG	marc.info
Gentoo Linux Documentation -- gettext: Insecure temporary file handling	GENTOO	www.gentoo.org
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.