First published: Wed Oct 20 2004
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/gettext | <0.14.5-2ubuntu3 | 0.14.5-2ubuntu3 |
debian/gettext | 0.21-4 0.21-12 0.22.5-1 | |
GNU gettext | =0.14.1 | |
Ubuntu | =4.1 | |
CVE-2004-0966 has a moderate severity rating due to the potential for local users to exploit symlink vulnerabilities.
To remediate CVE-2004-0966, update GNU gettext to version 0.14.5-2ubuntu3 or later for Ubuntu and patch your Debian installations to the specified versions.
CVE-2004-0966 affects GNU gettext version 0.14 and later on multiple platforms, including several versions of Ubuntu and Debian.
CVE-2004-0966 requires local access for exploitation, making it less of a threat compared to remote vulnerabilities.
CVE-2004-0966 is a symlink attack vulnerability that allows local users to overwrite files.