National Cyber-Alert System
Vulnerability Summary: CVE-2004-0975
Orirignal release date: 2005-02-09
Source: US-CERT/NIST

Overview

    The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Impact

    CVSS Severity: 2.3 (Low)
    Range: local
    Authentication: design
    Impact Type: int

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    OpenSSL (OpenSSL Project)
    Mandrake Corporate Server (MandrakeSoft)
    Mandrake Multi Network Firewall (MandrakeSoft)
    Gentoo Linux (Gentoo)
    Mandrake Linux (MandrakeSoft)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0975