PT-2004-1054 · Red Hat · Red Hat+4

Published: 2004-12-31

Updated: 2016-10-18

CVE-2004-1382

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

glibc versions 2.2.4 through 2.3.4
glibc-common version 2.2.4
glibc-profile version 2.2.4
glibc-devel version 2.2.4

Description

The issue concerns multiple vulnerabilities in the glibc package of Red Hat Enterprise Linux, which can be exploited locally to compromise the integrity of protected information. A specific vulnerability in glibc 2.3.4 and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Recommendations

For glibc versions 2.2.4 through 2.3.4, consider updating to a newer version to mitigate the risk.
For glibc-common version 2.2.4, restrict access to the vulnerable package to minimize the risk of exploitation.
For glibc-profile version 2.2.4, avoid using the vulnerable profile package until the issue is resolved.
For glibc-devel version 2.2.4, disable the development package temporarily to prevent potential exploitation.
As a temporary workaround, consider restricting the use of the glibcbug script in glibc 2.3.4 and earlier versions until a patch is available.

Fix

Related identifiers

BDU:2015-06076
BDU:2015-06077
BDU:2015-06078
BDU:2015-06079
CVE-2004-1382

Affected products

Red Hat
Glibc
Glibc-Common
Glibc-Devel
Glibc-Profile