CVE-2004-0977

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300	Issue Tracking
http://marc.info/?l=bugtraq&m=109910073808903&w=2	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200410-16.xml	Third Party Advisory
http://www.debian.org/security/2004/dsa-577	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:149	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2004-489.html	Broken Link
http://www.securityfocus.com/bid/11295	Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.trustix.org/errata/2004/0050	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360	Broken Link
https://www.ubuntu.com/usn/usn-6-1/	Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300	Issue Tracking
http://marc.info/?l=bugtraq&m=109910073808903&w=2	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200410-16.xml	Third Party Advisory
http://www.debian.org/security/2004/dsa-577	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:149	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2004-489.html	Broken Link
http://www.securityfocus.com/bid/11295	Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.trustix.org/errata/2004/0050	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360	Broken Link
https://www.ubuntu.com/usn/usn-6-1/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:9.2::amd64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.0::amd64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.1::x86_64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:trustix:secure_linux:2.0:::::::*
	cpe:2.3:o:trustix:secure_linux:2.1:::::::*

History

20 Nov 2024, 23:49

Type	Values Removed	Values Added
References	~~() http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300 - Issue Tracking~~	() http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300 - Issue Tracking
References	~~() http://marc.info/?l=bugtraq&m=109910073808903&w=2 - Third Party Advisory~~	() http://marc.info/?l=bugtraq&m=109910073808903&w=2 - Third Party Advisory
References	~~() http://security.gentoo.org/glsa/glsa-200410-16.xml - Third Party Advisory~~	() http://security.gentoo.org/glsa/glsa-200410-16.xml - Third Party Advisory
References	~~() http://www.debian.org/security/2004/dsa-577 - Patch, Vendor Advisory~~	() http://www.debian.org/security/2004/dsa-577 - Patch, Vendor Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDKSA-2004:149 - Third Party Advisory~~	() http://www.mandriva.com/security/advisories?name=MDKSA-2004:149 - Third Party Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2004-489.html - Broken Link~~	() http://www.redhat.com/support/errata/RHSA-2004-489.html - Broken Link
References	~~() http://www.securityfocus.com/bid/11295 - Patch, Third Party Advisory, VDB Entry, Vendor Advisory~~	() http://www.securityfocus.com/bid/11295 - Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References	~~() http://www.trustix.org/errata/2004/0050 - Third Party Advisory~~	() http://www.trustix.org/errata/2004/0050 - Third Party Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 - Third Party Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 - Third Party Advisory, VDB Entry
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360 - Broken Link~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360 - Broken Link
References	~~() https://www.ubuntu.com/usn/usn-6-1/ - Third Party Advisory~~	() https://www.ubuntu.com/usn/usn-6-1/ - Third Party Advisory

02 Feb 2024, 16:33

Type	Values Removed	Values Added
References	~~(UBUNTU) https://www.ubuntu.com/usn/usn-6-1/ -~~	(UBUNTU) https://www.ubuntu.com/usn/usn-6-1/ - Third Party Advisory
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2004-489.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2004-489.html - Broken Link
References	~~(OPENPKG) http://marc.info/?l=bugtraq&m=109910073808903&w=2 -~~	(OPENPKG) http://marc.info/?l=bugtraq&m=109910073808903&w=2 - Third Party Advisory
References	~~(BID) http://www.securityfocus.com/bid/11295 - Patch, Vendor Advisory~~	(BID) http://www.securityfocus.com/bid/11295 - Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 - Third Party Advisory, VDB Entry
References	~~(MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2004:149 -~~	(MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2004:149 - Third Party Advisory
References	~~(TRUSTIX) http://www.trustix.org/errata/2004/0050 -~~	(TRUSTIX) http://www.trustix.org/errata/2004/0050 - Third Party Advisory
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360 - Broken Link
References	~~(CONFIRM) http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300 -~~	(CONFIRM) http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300 - Issue Tracking
References	~~(GENTOO) http://security.gentoo.org/glsa/glsa-200410-16.xml -~~	(GENTOO) http://security.gentoo.org/glsa/glsa-200410-16.xml - Third Party Advisory
CPE	cpe:2.3:a:postgresql:postgresql:7.2.1:::::::* cpe:2.3:a:postgresql:postgresql:7.4.3:::::::* cpe:2.3:a:postgresql:postgresql:7.4.5:::::::*	cpe:2.3:a:postgresql:postgresql::::::::

Information

Published : 2005-02-09 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-0977

Mitre link : CVE-2004-0977

CVE.ORG link : CVE-2004-0977

JSON object : View

Products Affected

mandrakesoft

mandrake_linux_corporate_server
mandrake_linux

postgresql

postgresql

trustix

secure_linux

redhat

enterprise_linux_desktop
enterprise_linux

CWE

NVD-CWE-Other

2.1 /10