Vulnerability/
CVE-2004-0977

2.1

CWE

NVD-CWE-Other

20/10/2004

8/8/2024

CVE-2004-0977

First published: Wed Oct 20 2004(Updated: )

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
PostgreSQL PostgreSQL	>=7.3.0<7.3.8
PostgreSQL PostgreSQL	>=7.4.0<7.4.6
Mandrakesoft Mandrake Linux	=9.2
Mandrakesoft Mandrake Linux	=9.2
Mandrakesoft Mandrake Linux	=10.0
Mandrakesoft Mandrake Linux	=10.0
Mandrakesoft Mandrake Linux	=10.1
Mandrakesoft Mandrake Linux	=10.1
Mandrakesoft Mandrake Linux Corporate Server	=2.1
Mandrakesoft Mandrake Linux Corporate Server	=2.1
Redhat Enterprise Linux	=3.0
Redhat Enterprise Linux	=3.0
Redhat Enterprise Linux	=3.0
Redhat Enterprise Linux Desktop	=3.0
Trustix Secure Linux	=2.0
Trustix Secure Linux	=2.1
PostgreSQL PostgreSQL	=7.4.3
PostgreSQL PostgreSQL	=7.4.5
PostgreSQL PostgreSQL	=7.2.1
ubuntu/postgresql	<7.5.16.1	7.5.16.1
ubuntu/postgresql	<7.5.16.1	7.5.16.1
ubuntu/postgresql-7.4	<7.4.12-3	7.4.12-3
ubuntu/postgresql-7.4	<7.4.12-3	7.4.12-3
ubuntu/postgresql-8.0	<8.0.7-2	8.0.7-2
ubuntu/postgresql-8.1	<8.1.9-0ubuntu0.6.06	8.1.9-0ubuntu0.6.06
ubuntu/postgresql-8.1	<8.1.9-0ubuntu0.6.10	8.1.9-0ubuntu0.6.10
ubuntu/postgresql-8.1	<8.1.8-1ubuntu3	8.1.8-1ubuntu3
ubuntu/postgresql-8.2	<8.2.4-0ubuntu0.7.04	8.2.4-0ubuntu0.7.04
debian/postgresql

Remedy

http://www.debian.org/security/2004/dsa-577

Remedy

http://www.securityfocus.com/bid/11295

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Example email

Reference Links

agent/type
agent/remedy
agent/severity
agent/last-modified-date
agent/weakness
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/postgresql
product/postgresql
canonical/postgresql postgresql
vendor/trustix
product/secure linux
canonical/trustix secure linux
vendor/mandrakesoft
product/mandrake linux corporate server
canonical/mandrakesoft mandrake linux corporate server
vendor/redhat
product/enterprise linux desktop
canonical/redhat enterprise linux desktop
product/enterprise linux
canonical/redhat enterprise linux
product/mandrake linux
canonical/mandrakesoft mandrake linux
collector/nvd-index
collector/usn-cve
source/Ubuntu
agent/first-publish-date
agent/description
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
collector/nvd-cve
agent/author
agent/references
agent/softwarecombine
agent/event
agent/tags
collector/mitre-cve
source/MITRE
version/postgresql postgresql/7.3.0
version/postgresql postgresql/7.4.0
version/mandrakesoft mandrake linux/9.2
version/mandrakesoft mandrake linux/10.0
version/mandrakesoft mandrake linux/10.1
version/mandrakesoft mandrake linux corporate server/2.1
version/redhat enterprise linux/3.0
version/redhat enterprise linux desktop/3.0
version/trustix secure linux/2.0
version/trustix secure linux/2.1
version/postgresql postgresql/7.4.3
version/postgresql postgresql/7.4.5
version/postgresql postgresql/7.2.1
package-manager/ubuntu
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203