Local File Overwrite Vulnerability in GNU Gettext Package Used by Trustix Secure Linux
CVE-2004-0966

Currently unrated

Key Information:

Vendor: Gnu
Status: Gettext
Vendor: CVE Published:; 9 February 2005

Summary

The GNU Gettext package versions 1.14 and later, utilized in Trustix Secure Linux 1.5 through 2.1, is susceptible to a local file overwrite vulnerability. This security issue arises from the autopoint and gettextize scripts allowing local users to create a symlink attack. By exploiting temporary file permissions, an attacker can overwrite files on the system, potentially leading to unauthorized access or denial of service. Organizations using affected versions should implement remediation measures to mitigate any potential risks.

References

http://www.redhat.com/archives/fedora-legacy-announce/200...

vendor-advisoryx_refsource_FEDORA

http://marc.info/?l=bugtraq&m=110382652226638&w=2

vendor-advisoryx_refsource_OPENPKG

http://www.gentoo.org/security/en/glsa/glsa-200410-10.xml

vendor-advisoryx_refsource_GENTOO

Timeline

Vulnerability published
Feb 9, 2005
Vulnerability Reserved
Oct 19, 2004