Lucene search
HistoryApr 15, 2004 - 4:00 a.m.
CVE-2003-0202
cve
2003
0202
vulnerability
metrics 1.0
symlink attack
local users
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
Affected configurations
Node
brian_renaudmetricsMatch1.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| brian_renaud:metrics | brian renaud metrics | eq | 1.0 |
Related
openvas
openvas
Debian Security Advisory DSA 279-1 (metrics)
2008-01-17 00:00:00
Debian Security Advisory DSA 279-1 (metrics)
2008-01-17 00:00:00
debian
debian
nessus
nessus
Debian DSA-279-1 : metrics - insecure temporary file creation
2004-09-29 00:00:00
cvelist
cvelist
CVE-2003-0202
2004-03-16 05:00:00
nvd
nvd
CVE-2003-0202
2004-04-15 04:00:00
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2003-0202