Vulnerability in Gentoo Linux
CVE-2004-0975
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
EPSS: 0.004 (33.0th percentile) — read the EPSS interpretation.
Affected products
- Gentoo Linux
- Mandrakesoft Mandrake_linux — versions 9.2, 10.0, 10.1
- Mandrakesoft Mandrake_linux_corporate_server — versions 2.1
- Mandrakesoft Mandrake_multi_network_firewall — versions 8.2
- Openssl — versions 0.9.6, 0.9.6a, 0.9.6b
- N/a — versions n/a
Public proof-of-concept exploits
References
- cve@mitre.org (vendor-advisory, x_refsource_GENTOO)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vendor-advisory, x_refsource_TRUSTIX)
- cve@mitre.org (x_refsource_OVAL, signature, vdb-entry)
- cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory)
- cve@mitre.org (Patch, vdb-entry, x_refsource_BID, Vendor Advisory)
- cve@mitre.org (x_refsource_OVAL, signature, vdb-entry)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
Frequently asked questions
- What is CVE-2004-0975?
- CVE-2004-0975 is a vulnerability in Gentoo Linux. Published 2005-02-09.
- Is CVE-2004-0975 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.