Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
opensslOpenSSLOPENSSL:CVE-2004-0975
HistorySep 30, 2004 - 12:00 a.m.

Vulnerability in OpenSSL CVE-2004-0975

2004-09-3000:00:00
www.openssl.org
24

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0

Percentile

5.1%

JSON
The der_chop script created temporary files insecurely which could allow local users to overwrite files via a symlink attack on temporary files. Note that it is quite unlikely that a user would be using the redundant der_chop script, and this script was removed from the OpenSSL distribution.
  • Fixed in OpenSSL 0.9.7f (git commit) (Affected since 0.9.7)
  • Fixed in OpenSSL 0.9.6-cvs (Affected since 0.9.6)

Related

cvelist 1
debian 2
openvas 7
ubuntucve 1
nessus 7
ubuntu 1
nvd 1
cve 1
debiancve 1
osv 1
f5 2
centos 2
gentoo 1
redhat 1
oraclelinux 3
cvelist
cvelist
CVE-2004-0975
2004-10-20 04:00:00
debian
debian
[SECURITY] [DSA 603-1] New openssl packages fix insecure temporary file creation
2004-12-01 16:50:18
[SECURITY] [DSA 603-1] New openssl packages fix insecure temporary file creation
2004-12-01 16:50:18
openvas
openvas
Debian: Security Advisory (DSA-603-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 603-1 (openssl)
2008-01-17 00:00:00
OpenSSL: Insecure Temporary File Creation (CVE-2004-0975) - Linux
2021-08-13 00:00:00
ubuntucve
ubuntucve
CVE-2004-0975
2005-02-09 00:00:00
nessus
nessus
OpenSSL 0.9.7 < 0.9.7f Vulnerability
2012-01-04 00:00:00
Debian DSA-603-1 : openssl - insecure temporary file
2004-12-01 00:00:00
Ubuntu 4.10 : openssl script vulnerability (USN-24-1)
2006-01-15 00:00:00
ubuntu
ubuntu
openssl script vulnerability
2004-11-12 00:00:00
nvd
nvd
CVE-2004-0975
2005-02-09 05:00:00
cve
cve
CVE-2004-0975
2005-02-09 05:00:00
debiancve
debiancve
CVE-2004-0975
2005-02-09 05:00:00
osv
osv
openssl - insecure temporary file
2004-12-01 00:00:00
f5
f5
K15305 : OpenSSL vulnerability CVE-2004-0975
2014-06-02 00:00:00
SOL15305 - OpenSSL vulnerability CVE-2004-0975
2014-06-02 00:00:00
centos
centos
openssl, openssl096b security update
2005-06-01 17:56:00
openssl, openssl095a, openssl096 security update
2005-06-01 23:22:48
gentoo
gentoo
OpenSSL, Groff: Insecure tempfile handling
2004-11-08 00:00:00
redhat
redhat
(RHSA-2005:476) openssl security update
2005-06-01 00:00:00
oraclelinux
oraclelinux
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
openssl security update
2019-08-16 00:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for OPENSSL:CVE-2004-0975
cvelist1debian2openvas7ubuntucve1nessus7ubuntu1nvd1cve1debiancve1osv1f52centos2gentoo1redhat1oraclelinux3