CVE-2004-0977 — LOW (2.1) — White Hats Nepal

Q: What is CVE-2004-0977?

CVE-2004-0977 is a vulnerability with a CVSS score of 2.1 (LOW). The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

Q: How severe is CVE-2004-0977?

CVE-2004-0977 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2004-0977?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Mandrakesoft Mandrake Linux, Mandrakesoft Mandrake Linux Corporate Server, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.

Vulnerability Description

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Postgresql	Postgresql	>= 7.3.0, < 7.3.8
Mandrakesoft	Mandrake Linux	9.2
Mandrakesoft	Mandrake Linux Corporate Server	2.1
Redhat	Enterprise Linux	3.0
Redhat	Enterprise Linux Desktop	3.0
Trustix	Secure Linux	2.0

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300Issue Tracking
http://marc.info/?l=bugtraq&m=109910073808903&w=2Third Party Advisory
http://security.gentoo.org/glsa/glsa-200410-16.xmlThird Party Advisory
http://www.debian.org/security/2004/dsa-577PatchVendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:149Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2004-489.htmlBroken Link
http://www.securityfocus.com/bid/11295PatchThird Party AdvisoryVDB Entry
http://www.trustix.org/errata/2004/0050Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
https://www.ubuntu.com/usn/usn-6-1/Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300Issue Tracking
http://marc.info/?l=bugtraq&m=109910073808903&w=2Third Party Advisory
http://security.gentoo.org/glsa/glsa-200410-16.xmlThird Party Advisory
http://www.debian.org/security/2004/dsa-577PatchVendor Advisory

FAQ

What is CVE-2004-0977?

CVE-2004-0977 is a vulnerability with a CVSS score of 2.1 (LOW). The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

How severe is CVE-2004-0977?

CVE-2004-0977 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0977?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Mandrakesoft Mandrake Linux, Mandrakesoft Mandrake Linux Corporate Server, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.