CVE-2004-2097 - Vulnerability Details - OpenCVE

Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Suse	Suse Linux

Configuration 1 [-]

cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=107461582413923&w=2
http://marc.info/?l=bugtraq&m=107478920006258&w=2
http://securitytracker.com/id?1008781
http://www.securityfocus.com/bid/9457
https://exchange.xforce.ibmcloud.com/vulnerabilities/14963

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-27T04:00:00

Updated: 2024-08-08T01:15:01.331Z

Reserved: 2005-05-27T00:00:00

Link: CVE-2004-2097

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2024-11-20T23:52:29.253

Link: CVE-2004-2097

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-01-21T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20040122 Re: [SuSE 9.0] possible symlink attacks in some scripts", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=107478920006258&w=2"}, {"name": "20040121 [SuSE 9.0] possible symlink attacks in some scripts", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=107461582413923&w=2"}, {"name": "1008781", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1008781"}, {"name": "suse-multiple-symlink-attack(14963)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14963"}, {"name": "9457", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9457"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2097", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20040122 Re: [SuSE 9.0] possible symlink attacks in some scripts", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=107478920006258&w=2"}, {"name": "20040121 [SuSE 9.0] possible symlink attacks in some scripts", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=107461582413923&w=2"}, {"name": "1008781", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1008781"}, {"name": "suse-multiple-symlink-attack(14963)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14963"}, {"name": "9457", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9457"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:15:01.331Z"}, "title": "CVE Program Container", "references": [{"name": "20040122 Re: [SuSE 9.0] possible symlink attacks in some scripts", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=107478920006258&w=2"}, {"name": "20040121 [SuSE 9.0] possible symlink attacks in some scripts", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=107461582413923&w=2"}, {"name": "1008781", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1008781"}, {"name": "suse-multiple-symlink-attack(14963)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14963"}, {"name": "9457", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9457"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2097", "datePublished": "2005-05-27T04:00:00", "dateReserved": "2005-05-27T00:00:00", "dateUpdated": "2024-08-08T01:15:01.331Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd."}], "id": "CVE-2004-2097", "lastModified": "2024-11-20T23:52:29.253", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=107461582413923&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=107478920006258&w=2"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1008781"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/9457"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=107461582413923&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=107478920006258&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1008781"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/9457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14963"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}