Vulnerability Description
Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.10 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653Vendor Advisory
- http://www.bugzilla.org/security/2.16.2/
- http://www.securityfocus.com/bid/7412PatchVendor Advisory
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653Vendor Advisory
- http://www.bugzilla.org/security/2.16.2/
- http://www.securityfocus.com/bid/7412PatchVendor Advisory
FAQ
What is CVE-2003-0603?
CVE-2003-0603 is a vulnerability with a CVSS score of 2.1 (LOW). Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with g...
How severe is CVE-2003-0603?
CVE-2003-0603 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0603?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.