cvelistv5 - cve-2004-0975

cve-2004-0975

Vulnerability from cvelistv5

Published

2004-10-20 04:00

Modified

2024-08-08 00:39

Severity ?

Summary

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

References

URL	Tags
cve@mitre.org	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302
cve@mitre.org	http://secunia.com/advisories/12973
cve@mitre.org	http://www.debian.org/security/2004/dsa-603
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2005-476.html
cve@mitre.org	http://www.securityfocus.com/bid/11293	Patch, Vendor Advisory
cve@mitre.org	http://www.trustix.org/errata/2004/0050
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164
af854a3a-2127-422b-91ae-364da2661108	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/12973
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2004/dsa-603
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2005-476.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11293	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.trustix.org/errata/2004/0050
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.442Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-200411-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
          },
          {
            "name": "script-temporary-file-overwrite(17583)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
          },
          {
            "name": "2004-0050",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2004/0050"
          },
          {
            "name": "oval:org.mitre.oval:def:164",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164"
          },
          {
            "name": "DSA-603",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-603"
          },
          {
            "name": "RHSA-2005:476",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-476.html"
          },
          {
            "name": "11293",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11293"
          },
          {
            "name": "oval:org.mitre.oval:def:10621",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621"
          },
          {
            "name": "12973",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12973"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-200411-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
        },
        {
          "name": "script-temporary-file-overwrite(17583)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
        },
        {
          "name": "2004-0050",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2004/0050"
        },
        {
          "name": "oval:org.mitre.oval:def:164",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164"
        },
        {
          "name": "DSA-603",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-603"
        },
        {
          "name": "RHSA-2005:476",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-476.html"
        },
        {
          "name": "11293",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11293"
        },
        {
          "name": "oval:org.mitre.oval:def:10621",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621"
        },
        {
          "name": "12973",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12973"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0975",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-200411-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
            },
            {
              "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
            },
            {
              "name": "script-temporary-file-overwrite(17583)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
            },
            {
              "name": "2004-0050",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2004/0050"
            },
            {
              "name": "oval:org.mitre.oval:def:164",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164"
            },
            {
              "name": "DSA-603",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-603"
            },
            {
              "name": "RHSA-2005:476",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-476.html"
            },
            {
              "name": "11293",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11293"
            },
            {
              "name": "oval:org.mitre.oval:def:10621",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621"
            },
            {
              "name": "12973",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12973"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0975",
    "datePublished": "2004-10-20T04:00:00",
    "dateReserved": "2004-10-19T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-0975\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-02-09T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4F3F3BB-E004-4FD9-9580-F2D5F3ED3701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5E4742C-A983-4F00-B24F-AB280C0E876D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A0628DF-3A4C-4078-B615-22260671EABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"962FCB86-15AD-4399-8B7D-EC1DEA919C59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"180D07AE-C571-4DD6-837C-43E2A946007A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90789533-C741-4B1C-A24B-2C77B9E4DE5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1520065B-46D7-48A4-B9D0-5B49F690C5B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AA526B9-726A-49D5-B3CA-EBE2DA303CA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"494E48E7-EF86-4860-9A53-94F6C313746E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2636B92E-47D5-42EA-9585-A2B84FBE71CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"549BB01D-F322-4FE3-BDA2-4FEA8ED8568A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"647BA336-5538-4972-9271-383A0EC9378E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4177C378-7729-46AB-B49B-C6DAED3200E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*\",\"matchCriteriaId\":\"2164D10D-D1A4-418A-A9C8-CA8FAB1E90A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*\",\"matchCriteriaId\":\"A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3528DABD-B821-4D23-AE12-614A9CA92C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*\",\"matchCriteriaId\":\"9E661D58-18DF-4CCF-9892-F873618F4535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F0D201-B1DC-4024-AF77-A284673618F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*\",\"matchCriteriaId\":\"052E3862-BFB7-42E7-889D-8590AFA8EF37\"}]}]}],\"references\":[{\"url\":\"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/12973\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2004/dsa-603\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-476.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/11293\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.trustix.org/errata/2004/0050\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17583\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/12973\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2004/dsa-603\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-476.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/11293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.trustix.org/errata/2004/0050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\",\"lastModified\":\"2007-03-14T00:00:00\"}]}}"
  }
}

ghsa-53cg-whph-j92f

Vulnerability from github

Published

2022-04-29 02:58

Modified

2022-04-29 02:58

Details

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-0975"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-02-09T05:00:00Z",
    "severity": "LOW"
  },
  "details": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.",
  "id": "GHSA-53cg-whph-j92f",
  "modified": "2022-04-29T02:58:42Z",
  "published": "2022-04-29T02:58:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0975"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164"
    },
    {
      "type": "WEB",
      "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/12973"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2004/dsa-603"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-476.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/11293"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.org/errata/2004/0050"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL include der_chop The script contains a flaw that creates a temporary file in an inappropriate way for security reasons, so there is a vulnerability that is subject to symbolic link attacks.der_chop An arbitrary file may be created or overwritten with the privileges of the user executing the script. OpenSSL is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation. OpenSSL is an open source SSL suite.

Want to work within IT-Security?

Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.

Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/

TITLE: gzip Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA21996

VERIFY ADVISORY: http://secunia.com/advisories/21996/

CRITICAL: Moderately critical

IMPACT: DoS, System access

WHERE:

From remote

SOFTWARE: gzip 1.x http://secunia.com/product/4220/

DESCRIPTION: Tavis Ormandy has reported some vulnerabilities in gzip, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

1) A boundary error within the "make_table()" function in unlzh.c can be used to modify certain stack data. tricking a user or automated system into unpacking a specially crafted archive file. tricking a user or automated system into unpacking a specially crafted "pack" archive file.

3) A buffer overflow within the "make_table()" function of gzip's LZH support can be exploited to cause a DoS and potentially to compromise a vulnerable system by e.g. tricking a user or automated system into unpacking an archive containing a specially crafted decoding table.

4) A NULL pointer dereference within the "huft_build()" function and an infinite loop within the LZH handling can be exploited to cause a DoS by e.g. tricking a user or automated system into unpacking a specially crafted archive file.

The vulnerabilities have been reported in version 1.3.5. Other versions may also be affected.

SOLUTION: Do not unpack untrusted archive files.

PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy, Google Security Team

ORIGINAL ADVISORY: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676

OTHER REFERENCES: US-CERT VU#554780: http://www.kb.cert.org/vuls/id/554780

US-CERT VU#381508: http://www.kb.cert.org/vuls/id/381508

US-CERT VU#773548: http://www.kb.cert.org/vuls/id/773548

US-CERT VU#933712: http://www.kb.cert.org/vuls/id/933712

US-CERT VU#596848 http://www.kb.cert.org/vuls/id/596848

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               National Cyber Alert System

        Technical Cyber Security Alert TA06-333A

Apple Releases Security Update to Address Multiple Vulnerabilities

Original release date: November 29, 2006 Last revised: -- Source: US-CERT

Systems Affected

 * Apple Mac OS X version 10.3.x and 10.4.x
 * Apple Mac OS X Server version 10.3.x and 10.4.x
 * Apple Safari web browser

These vulnerabilities affect both Intel-based and PowerPC-based Apple systems.

Overview

Apple has released Security Update 2006-007 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser. Vulnerabilities in OpenSSL, gzip, and other products are also addressed.

I. Description

Apple Security Update 2006-007 addresses a number of vulnerabilities affecting Mac OS X, OS X Server, Safari web browser, and other products. Further details are available in the related vulnerability notes.

This security update also addresses previously known vulnerabilities in PHP, Perl, OpenSSL, and gzip, which are shipped with Mac OS X. The OpenSSL vulnerabilities are documented in multiple vulnerability notes. Information is also available through the OpenSSL vulnerabilities page. Information about the vulnerabilities in gzip is available in a series of vulnerability notes.

II. Impact

The impacts of these vulnerabilities vary. For specific details, see the appropriate vulnerability notes. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.

III. Solution

Install updates

Install Apple Security Update 2006-007. This and other updates are available via Apple Update or via Apple Downloads.

IV. References

 * Vulnerability Notes for Apple Security Update 2006-007 -
   <http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-007>

 * Vulnerability Notes for OpenSSL Security Advisory [28th September
   2006] -

http://www.kb.cert.org/vuls/byid?searchview&query=openssl_secadv_20060928

 * Vulnerability Note VU#845620 -
   <http://www.kb.cert.org/vuls/id/845620>

 * Vulnerability Note VU#933712 -
   <http://www.kb.cert.org/vuls/id/933712>

 * Vulnerability Note VU#381508 -
   <http://www.kb.cert.org/vuls/id/381508>

 * Vulnerability Note VU#554780 -
   <http://www.kb.cert.org/vuls/id/554780>

 * Vulnerability Note VU#596848 -
   <http://www.kb.cert.org/vuls/id/596848>

 * Vulnerability Note VU#773548 -
   <http://www.kb.cert.org/vuls/id/773548>

 * About the security content of Security Update 2006-007 -
   <http://docs.info.apple.com/article.html?artnum=304829>

 * Mac OS X: Updating your software -
   <http://docs.info.apple.com/article.html?artnum=106704>

 * Apple Downloads - <http://www.apple.com/support/downloads/>

 * OpenSSL: OpenSSL vulnerabilities -
   <http://www.openssl.org/news/vulnerabilities.html>

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/#Safari>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-333A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-333A Feedback VU#191336" in the subject.

Produced 2006 by US-CERT, a government organization.

http://www.us-cert.gov/legal.html

Revision History

November 29, 2006: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRW33NuxOF3G+ig+rAQJtiggApJKRh7x+z8vp0xb26sE16RUOD3epcrk6 lJZ4rXnqVqoFacAt0Ucb8T43/Uc4N85UMa695YbFspYZum3hcGZo+WnNPolGUeRz iN/4bfKgzekfpbHxf6T3YvQYp+PVMRfHPUcxfaZDYXhu2813N4SSQpM59KRL5BD7 xr+5VvB09biVKlzpEdgtk2EHcqc+sMF5+o3cCgDJCnJNL+NG4J6d/hsyNP15ekTf 8m0W4rJonUe2gR2Bp7F1Y47KgRr3BT1aH2gxUSim9qEJpPdP/CkmGoFp+BfrFP9q A580LOrqFK8HIly1fbPKb26p2theUUESnQqM9Ob8xolkCDLy6h7ssg== =f7N+ -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200502-0025",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openpkg",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "rpath",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "model": "mandrake linux corporate server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "mandrakesoft",
        "version": "10.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "9.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "mandrake multi network firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "8.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7d"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gentoo",
        "version": "*"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "attachmatewrq",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "iaik java group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intoto",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security corp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vandyke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6m"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7e"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "appliance server workgroup edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "appliance server hosting edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "1.0"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "advanced linux environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "fedora core3",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.1"
      },
      {
        "model": "linux mandrake amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.0"
      },
      {
        "model": "linux mandrake amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.2"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "mn100",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "integrated management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.1"
      },
      {
        "model": "integrated management",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "cvlan",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:openssl:openssl",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The individual or individuals responsible for the discovery of this issue is currently unknown; Trustix security engineers are credited with these discoveries.",
    "sources": [
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2004-0975",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2004-0975",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-9405",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2004-0975",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#386964",
            "trust": 0.8,
            "value": "0.32"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#773548",
            "trust": 0.8,
            "value": "1.57"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845620",
            "trust": 0.8,
            "value": "7.56"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#547300",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "NVD",
            "id": "CVE-2004-0975",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200502-020",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-9405",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL include der_chop The script contains a flaw that creates a temporary file in an inappropriate way for security reasons, so there is a vulnerability that is subject to symbolic link attacks.der_chop An arbitrary file may be created or overwritten with the privileges of the user executing the script. OpenSSL is affected by an insecure temporary file creation vulnerability.  This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. \nAn attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.  Reportedly this issue is unlikely to facilitate privilege escalation. OpenSSL is an open source SSL suite. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\ngzip Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21996\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21996/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\ngzip 1.x\nhttp://secunia.com/product/4220/\n\nDESCRIPTION:\nTavis Ormandy has reported some vulnerabilities in gzip, which can be\nexploited by malicious people to cause a DoS (Denial of Service) and\npotentially compromise a vulnerable system. \n\n1) A boundary error within the \"make_table()\" function in unlzh.c can\nbe used to modify certain stack data. tricking\na user or automated system into unpacking a specially crafted archive\nfile. tricking a user  or\nautomated system into unpacking a specially crafted \"pack\" archive\nfile. \n\n3) A buffer overflow within the \"make_table()\" function of gzip\u0027s LZH\nsupport can be exploited to cause a DoS and potentially to compromise\na vulnerable system by e.g. tricking a user or automated system into\nunpacking an archive containing a specially crafted decoding table. \n\n4) A NULL pointer dereference within the \"huft_build()\" function and\nan infinite loop within the LZH handling can be exploited to cause a\nDoS by e.g. tricking a user or automated system into unpacking a\nspecially crafted archive file. \n\nThe vulnerabilities have been reported in version 1.3.5. Other\nversions may also be affected. \n\nSOLUTION:\nDo not unpack untrusted archive files. \n\nPROVIDED AND/OR DISCOVERED BY:\nTavis Ormandy, Google Security Team\n\nORIGINAL ADVISORY:\nhttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676\n\nOTHER REFERENCES:\nUS-CERT VU#554780:\nhttp://www.kb.cert.org/vuls/id/554780\n\nUS-CERT VU#381508:\nhttp://www.kb.cert.org/vuls/id/381508\n\nUS-CERT VU#773548:\nhttp://www.kb.cert.org/vuls/id/773548\n\nUS-CERT VU#933712:\nhttp://www.kb.cert.org/vuls/id/933712\n\nUS-CERT VU#596848\nhttp://www.kb.cert.org/vuls/id/596848\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n                   National Cyber Alert System\n\n            Technical Cyber Security Alert TA06-333A\n\n\nApple Releases Security Update to Address Multiple Vulnerabilities\n\n   Original release date: November 29, 2006\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Apple Mac OS X version 10.3.x and 10.4.x\n     * Apple Mac OS X Server version 10.3.x and 10.4.x\n     * Apple Safari web browser\n\n   These vulnerabilities affect both Intel-based and PowerPC-based Apple\n   systems. \n\n\nOverview\n\n   Apple has released Security Update 2006-007 to correct multiple\n   vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web\n   browser. Vulnerabilities in OpenSSL, gzip, and other products are also\n   addressed. \n\n\nI. Description\n\n   Apple Security Update 2006-007 addresses a number of vulnerabilities\n   affecting Mac OS X, OS X Server, Safari web browser, and other\n   products. Further details are available in the related vulnerability\n   notes. \n\n   This security update also addresses previously known vulnerabilities\n   in PHP, Perl, OpenSSL, and gzip, which are shipped with Mac OS X. The\n   OpenSSL vulnerabilities are documented in multiple vulnerability\n   notes. Information is also available through the OpenSSL\n   vulnerabilities page. Information about the vulnerabilities in gzip is\n   available in a series of vulnerability notes. \n\n\nII. Impact\n\n   The impacts of these vulnerabilities vary. For specific details, see\n   the appropriate vulnerability notes. Potential consequences include\n   remote execution of arbitrary code or commands, bypass of security\n   restrictions, and denial of service. \n\n\nIII. Solution\n\nInstall updates\n\n   Install Apple Security Update 2006-007. This and other updates are\n   available via Apple Update or via Apple Downloads. \n\n\nIV. References\n\n     * Vulnerability Notes for Apple Security Update 2006-007 -\n       \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=apple-2006-007\u003e\n\n     * Vulnerability Notes for OpenSSL Security Advisory [28th September\n       2006] -\n\u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=openssl_secadv_20060928\u003e\n\n     * Vulnerability Note VU#845620 -\n       \u003chttp://www.kb.cert.org/vuls/id/845620\u003e\n\n     * Vulnerability Note VU#933712 -\n       \u003chttp://www.kb.cert.org/vuls/id/933712\u003e\n\n     * Vulnerability Note VU#381508 -\n       \u003chttp://www.kb.cert.org/vuls/id/381508\u003e\n\n     * Vulnerability Note VU#554780 -\n       \u003chttp://www.kb.cert.org/vuls/id/554780\u003e\n\n     * Vulnerability Note VU#596848 -\n       \u003chttp://www.kb.cert.org/vuls/id/596848\u003e\n\n     * Vulnerability Note VU#773548 -\n       \u003chttp://www.kb.cert.org/vuls/id/773548\u003e\n\n     * About the security content of Security Update 2006-007 -\n       \u003chttp://docs.info.apple.com/article.html?artnum=304829\u003e\n\n     * Mac OS X: Updating your software -\n       \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n     * Apple Downloads - \u003chttp://www.apple.com/support/downloads/\u003e\n\n     * OpenSSL: OpenSSL vulnerabilities -\n       \u003chttp://www.openssl.org/news/vulnerabilities.html\u003e\n\n     * Securing Your Web Browser -\n       \u003chttp://www.us-cert.gov/reading_room/securing_browser/#Safari\u003e\n\n _________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA06-333A.html\u003e\n _________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-333A Feedback VU#191336\" in the\n subject. \n _________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n   \u003chttp://www.us-cert.gov/legal.html\u003e\n\n _________________________________________________________________\n\n   Revision History\n\n   November 29, 2006: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRW33NuxOF3G+ig+rAQJtiggApJKRh7x+z8vp0xb26sE16RUOD3epcrk6\nlJZ4rXnqVqoFacAt0Ucb8T43/Uc4N85UMa695YbFspYZum3hcGZo+WnNPolGUeRz\niN/4bfKgzekfpbHxf6T3YvQYp+PVMRfHPUcxfaZDYXhu2813N4SSQpM59KRL5BD7\nxr+5VvB09biVKlzpEdgtk2EHcqc+sMF5+o3cCgDJCnJNL+NG4J6d/hsyNP15ekTf\n8m0W4rJonUe2gR2Bp7F1Y47KgRr3BT1aH2gxUSim9qEJpPdP/CkmGoFp+BfrFP9q\nA580LOrqFK8HIly1fbPKb26p2theUUESnQqM9Ob8xolkCDLy6h7ssg==\n=f7N+\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "db": "PACKETSTORM",
        "id": "50178"
      },
      {
        "db": "PACKETSTORM",
        "id": "52708"
      }
    ],
    "trust": 5.04
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "11293",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "12973",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "22083",
        "trust": 2.4
      },
      {
        "db": "SECUNIA",
        "id": "23280",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "23309",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "17583",
        "trust": 1.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548",
        "trust": 1.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "20246",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#386964",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2007.0014",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "21709",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22207",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22212",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22116",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22216",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22220",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22330",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22130",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22240",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22259",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22260",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22165",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22166",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22172",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22284",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22186",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22193",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "22094",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "20249",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1016943",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "29237",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374",
        "trust": 0.8
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200411-15",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:164",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-603",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2005:476",
        "trust": 0.6
      },
      {
        "db": "TRUSTIX",
        "id": "2004-0050",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#554780",
        "trust": 0.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#933712",
        "trust": 0.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#596848",
        "trust": 0.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#381508",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "21996",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50178",
        "trust": 0.1
      },
      {
        "db": "USCERT",
        "id": "TA06-333A",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "52708",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "PACKETSTORM",
        "id": "50178"
      },
      {
        "db": "PACKETSTORM",
        "id": "52708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "id": "VAR-200502-0025",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-09-19T21:58:41.799000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/data/openssl.html"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.openssl.org/"
      },
      {
        "title": "RHSA-2005:476",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2005-476.html"
      },
      {
        "title": "TLSA-2005-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2005/TLSA-2005-14.txt"
      },
      {
        "title": "RHSA-2005:476",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-476J.html"
      },
      {
        "title": "TLSA-2005-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2005/TLSA-2005-14j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/11293"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/22083"
      },
      {
        "trust": 1.7,
        "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2004/dsa-603"
      },
      {
        "trust": 1.7,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-476.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/12973"
      },
      {
        "trust": 1.7,
        "url": "http://www.trustix.org/errata/2004/0050"
      },
      {
        "trust": 1.6,
        "url": "http://www.openssl.org/news/secadv_20060928.txt"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23280/"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23309/"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/17583"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10621"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a164"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20246"
      },
      {
        "trust": 0.8,
        "url": "http://www.gzip.org/"
      },
      {
        "trust": 0.8,
        "url": "http://www.auscert.org.au/7179"
      },
      {
        "trust": 0.8,
        "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060905.txt "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21709/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3447.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
      },
      {
        "trust": 0.8,
        "url": "https://issues.rpath.com/browse/rpl-613 "
      },
      {
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20060928.txt "
      },
      {
        "trust": 0.8,
        "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
      },
      {
        "trust": 0.8,
        "url": "http://openvpn.net/changelog.html "
      },
      {
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/ "
      },
      {
        "trust": 0.8,
        "url": "http://openbsd.org/errata.html#openssl2 "
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20249 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016943 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22130 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22094 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22165 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22186 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22193 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22207 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22259 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22260 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22166 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22172 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22212 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22240 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22216 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22116 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22220 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22284 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22330 "
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/29237 "
      },
      {
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0975"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0975"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/12973/"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:164"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2005-170.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-476.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/554780"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/381508"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/quality_assurance_analyst/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4220/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/773548"
      },
      {
        "trust": 0.1,
        "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/933712"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/596848"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21996/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/web_application_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/845620\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/773548\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/933712\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/596848\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/news/vulnerabilities.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=304829\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/#safari\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple-2006-007\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/381508\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=openssl_secadv_20060928\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/554780\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "PACKETSTORM",
        "id": "50178"
      },
      {
        "db": "PACKETSTORM",
        "id": "52708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "db": "PACKETSTORM",
        "id": "50178"
      },
      {
        "db": "PACKETSTORM",
        "id": "52708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2006-09-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "date": "2006-09-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2005-02-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "date": "2004-09-30T00:00:00",
        "db": "BID",
        "id": "11293"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "date": "2006-09-21T23:56:25",
        "db": "PACKETSTORM",
        "id": "50178"
      },
      {
        "date": "2006-12-06T02:47:36",
        "db": "PACKETSTORM",
        "id": "52708"
      },
      {
        "date": "2005-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "date": "2005-02-09T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#386964"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#773548"
      },
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845620"
      },
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#547300"
      },
      {
        "date": "2017-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9405"
      },
      {
        "date": "2009-07-12T07:06:00",
        "db": "BID",
        "id": "11293"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000374"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      },
      {
        "date": "2017-10-11T01:29:39.230000",
        "db": "NVD",
        "id": "CVE-2004-0975"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL DER_CHOP Insecure Temporary File Creation Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "11293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200502-020"
      }
    ],
    "trust": 0.9
  }
}

gsd-2004-0975

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Aliases

CVE-2004-0975

Aliases

CVE-2004-0975

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-0975",
    "description": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.",
    "id": "GSD-2004-0975",
    "references": [
      "https://www.suse.com/security/cve/CVE-2004-0975.html",
      "https://www.debian.org/security/2004/dsa-603",
      "https://access.redhat.com/errata/RHSA-2005:476"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-0975"
      ],
      "details": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.",
      "id": "GSD-2004-0975",
      "modified": "2023-12-13T01:22:54.197949Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-0975",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-200411-15",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
          },
          {
            "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302",
            "refsource": "CONFIRM",
            "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
          },
          {
            "name": "script-temporary-file-overwrite(17583)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
          },
          {
            "name": "2004-0050",
            "refsource": "TRUSTIX",
            "url": "http://www.trustix.org/errata/2004/0050"
          },
          {
            "name": "oval:org.mitre.oval:def:164",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164"
          },
          {
            "name": "DSA-603",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2004/dsa-603"
          },
          {
            "name": "RHSA-2005:476",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2005-476.html"
          },
          {
            "name": "11293",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/11293"
          },
          {
            "name": "oval:org.mitre.oval:def:10621",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621"
          },
          {
            "name": "12973",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/12973"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0975"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11293",
              "refsource": "BID",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/11293"
            },
            {
              "name": "DSA-603",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2004/dsa-603"
            },
            {
              "name": "GLSA-200411-15",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
            },
            {
              "name": "2004-0050",
              "refsource": "TRUSTIX",
              "tags": [],
              "url": "http://www.trustix.org/errata/2004/0050"
            },
            {
              "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
            },
            {
              "name": "12973",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/12973"
            },
            {
              "name": "RHSA-2005:476",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-476.html"
            },
            {
              "name": "script-temporary-file-overwrite(17583)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
            },
            {
              "name": "oval:org.mitre.oval:def:164",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164"
            },
            {
              "name": "oval:org.mitre.oval:def:10621",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-11T01:29Z",
      "publishedDate": "2005-02-09T05:00Z"
    }
  }
}

Action not permitted

cve-2004-0975

Vulnerability from cvelistv5

ghsa-53cg-whph-j92f

Vulnerability from github

var-200502-0025

Vulnerability from variot

gsd-2004-0975

Vulnerability from gsd

Tags