CVE-2004-0975

Description

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Affected products

• gentoo / linux
• mandrakesoft / mandrake_linux9.2 – 9.2
• mandrakesoft / mandrake_linux10.0 – 10.0
• mandrakesoft / mandrake_linux9.2 – 9.2
• mandrakesoft / mandrake_linux10.1 – 10.1
• mandrakesoft / mandrake_linux10.1 – 10.1
• mandrakesoft / mandrake_linux10.0 – 10.0
• mandrakesoft / mandrake_linux_corporate_server2.1 – 2.1
• mandrakesoft / mandrake_linux_corporate_server2.1 – 2.1
• mandrakesoft / mandrake_multi_network_firewall8.2 – 8.2
• OpenSSL / OpenSSL0.9.6i – 0.9.6i
• OpenSSL / OpenSSL0.9.6j – 0.9.6j
• OpenSSL / OpenSSL0.9.6k – 0.9.6k
• OpenSSL / OpenSSL0.9.6l – 0.9.6l
• OpenSSL / OpenSSL0.9.6m – 0.9.6m
• OpenSSL / OpenSSL0.9.7c – 0.9.7c
• OpenSSL / OpenSSL0.9.7d – 0.9.7d
• OpenSSL / OpenSSL0.9.6h – 0.9.6h
• OpenSSL / OpenSSL0.9.6g – 0.9.6g
• OpenSSL / OpenSSL0.9.6f – 0.9.6f
• OpenSSL / OpenSSL0.9.6e – 0.9.6e
• OpenSSL / OpenSSL0.9.6d – 0.9.6d
• OpenSSL / OpenSSL0.9.6c – 0.9.6c
• OpenSSL / OpenSSL0.9.6b – 0.9.6b
• OpenSSL / OpenSSL0.9.6a – 0.9.6a
• OpenSSL / OpenSSL0.9.6 – 0.9.6

References

• MISChttp://www.gentoo.org/security/en/glsa/glsa-200411-15.xml
• MISChttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17583
• MISChttp://www.trustix.org/errata/2004/0050
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-603
• MISChttp://www.redhat.com/support/errata/RHSA-2005-476.html
• MISChttp://www.securityfocus.com/bid/11293
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621
• VENDOR_ADVISORYhttp://secunia.com/advisories/12973