PT-2004-1121 · Gnu · Gnu Gettext
Published: 2004-10-20 · Updated: 2017-07-11 · CVE-2004-0966
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
GNU gettext package versions 1.14 and later
Description
The issue is caused by errors in the code of the autopoint and gettextize scripts in the GNU gettext package. A local attacker can manipulate symbolic links on the temporary files these scripts use (a symlink attack), resulting in the overwrite of certain files.
Recommendations
For GNU gettext package versions 1.14 and later, consider restricting access to the autopoint and gettextize scripts until a patch is available. As a temporary workaround, avoid using these scripts with temporary files that can be manipulated by local users.
Affected Products
Gnu Gettext