What is CVE-2004-0217?

CVE-2004-0217 is a high-severity vulnerability in Symantec Antivirus_scan_engine, classified under Improper Link Resolution Before File Access. CVSS score: 7.0/10. Published 2004-04-15.

How severe is CVE-2004-0217?

High severity. CVSS v3 base score is 7.0 out of 10.

Vulnerability in Symantec Antivirus_scan_engine

CVE-2004-0217

The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.

EPSS: 0.005 (36.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Symantec Antivirus_scan_engine — versions 4.0, 4.3
Redhat Linux
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

cve@mitre.org (Patch, VDB Entry, Third Party Advisory, vdb-entry, Broken Link, x_refsource_BID, Vendor Advisory)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_XF)
cve@mitre.org (mailing-list, Exploit, x_refsource_BUGTRAQ, Mailing List)

Frequently asked questions

What is CVE-2004-0217?: CVE-2004-0217 is a high-severity vulnerability in Symantec Antivirus_scan_engine, classified under Improper Link Resolution Before File Access. CVSS score: 7.0/10. Published 2004-04-15.
How severe is CVE-2004-0217?: High severity. CVSS v3 base score is 7.0 out of 10.