PT-2004-1053 · Gnu · Glibc-Profile+3

Published

2004-10-20

Updated

2017-10-11

CVE-2004-0968

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions glibc versions 2.3.2 and earlier glibc-common version 2.2.4 glibc-profile version 2.2.4 glibc-devel version 2.2.4

Description The issue allows local users to overwrite files via a symlink attack on temporary files, potentially leading to disruption of protected information integrity. Exploitation can be carried out locally.

Recommendations For glibc versions 2.3.2 and earlier, update to a version later than 2.3.2 to resolve the issue. For glibc-common version 2.2.4, consider updating or applying security patches to mitigate the risk. For glibc-profile version 2.2.4, consider updating or applying security patches to mitigate the risk. For glibc-devel version 2.2.4, consider updating or applying security patches to mitigate the risk. As a temporary workaround, consider restricting access to temporary files to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-06076

BDU:2015-06077

BDU:2015-06078

BDU:2015-06079

CVE-2004-0968

DSA-636-1

RHSA-2004:586

Affected Products

Glibc

Glibc-Common

Glibc-Devel

Glibc-Profile

PT-2004-1053 · Gnu · Glibc-Profile+3

CVE-2004-0968

Related Identifiers

Affected Products

References · 19