CVE-2004-0966
First published: Wed Oct 20 2004(Updated: )
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/gettext | <0.14.5-2ubuntu3 | 0.14.5-2ubuntu3 |
| ubuntu/gettext | <0.14.5-2ubuntu3 | 0.14.5-2ubuntu3 |
| ubuntu/gettext | <0.14.5-2ubuntu3 | 0.14.5-2ubuntu3 |
| debian/gettext | 0.21-4 0.21-12 0.22.5-1 | |
| GNU gettext | =0.14.1 | |
| Ubuntu | =4.1 | |
| Ubuntu | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/11282
- http://www.gentoo.org/security/en/glsa/glsa-200410-10.xml
- http://www.trustix.org/errata/2004/0050
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00000.html
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:051
- http://marc.info/?l=bugtraq&m=110382652226638&w=2
- https://www.ubuntu.com/usn/usn-5-1/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- https://ubuntu.com/security/notices/USN-5-1
- https://www.cve.org/CVERecord?id=CVE-2004-0966
- https://nvd.nist.gov/vuln/detail/CVE-2004-0966
- https://launchpad.net/bugs/cve/CVE-2004-0966
- https://security-tracker.debian.org/tracker/CVE-2004-0966
- https://ubuntu.com/security/CVE-2004-0966
- http://marc.info/?l=bugtraq&m=110382652226638&w=2
Frequently Asked Questions
What is the severity of CVE-2004-0966?
CVE-2004-0966 has a moderate severity rating due to the potential for local users to exploit symlink vulnerabilities.
How do I fix CVE-2004-0966?
To remediate CVE-2004-0966, update GNU gettext to version 0.14.5-2ubuntu3 or later for Ubuntu and patch your Debian installations to the specified versions.
What platforms are affected by CVE-2004-0966?
CVE-2004-0966 affects GNU gettext version 0.14 and later on multiple platforms, including several versions of Ubuntu and Debian.
Can CVE-2004-0966 be exploited remotely?
CVE-2004-0966 requires local access for exploitation, making it less of a threat compared to remote vulnerabilities.
What is the type of vulnerability for CVE-2004-0966?
CVE-2004-0966 is a symlink attack vulnerability that allows local users to overwrite files.
- agent/type
- agent/severity
- agent/remedy
- agent/weakness
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/description
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/references
- collector/security-tracker-debian
- source/Debian
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- vendor/gnu
- product/gettext
- canonical/gnu gettext
- vendor/ubuntu
- product/ubuntu linux
- canonical/ubuntu ubuntu linux
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-cve
- source/NVD
- package-manager/ubuntu
- package-manager/debian
- version/gnu gettext/0.14.1
- canonical/ubuntu
- version/ubuntu/4.1