PT-2004-1121 · Gnu · Gnu Gettext

Published: 2004-10-20 · Updated: 2017-07-11 · CVE-2004-0966

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

GNU gettext package versions 1.14 and later

Description

The issue is caused by errors in the code of the autopoint and gettextize scripts in the GNU gettext package. A local attacker can carry out a symlink attack on temporary files, manipulating symbolic links so that certain files are overwritten.

Recommendations

For GNU gettext package versions 1.14 and later, consider restricting access to the autopoint and gettextize scripts until a patch is available. As a temporary workaround, avoid using these scripts with temporary files that can be manipulated by local users.

Fix


Weakness Enumeration

Related Identifiers

BDU:2017-00286
CVE-2004-0966

Affected Products

Gnu Gettext