Vulnerability Description
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Usermin | Usermin | 1.000 |
| Webmin | Webmin | 1.0.00 |
| Mandrakesoft | Mandrake Linux | 9.2 |
| Mandrakesoft | Mandrake Linux Corporate Server | 2.1 |
References
- http://secunia.com/advisories/12488/PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200409-15.xmlPatchVendor Advisory
- http://www.securityfocus.com/bid/11153PatchVendor Advisory
- http://www.webmin.com/uchanges-1.089.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17299
- http://secunia.com/advisories/12488/PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200409-15.xmlPatchVendor Advisory
- http://www.securityfocus.com/bid/11153PatchVendor Advisory
- http://www.webmin.com/uchanges-1.089.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17299
FAQ
What is CVE-2004-0559?
CVE-2004-0559 is a vulnerability with a CVSS score of 2.1 (LOW). The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
How severe is CVE-2004-0559?
CVE-2004-0559 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0559?
Check the references section above for vendor advisories and patch information. Affected products include: Usermin Usermin, Webmin Webmin, Mandrakesoft Mandrake Linux, Mandrakesoft Mandrake Linux Corporate Server.