fkie_nvd - fkie_cve-2004-0559

fkie_cve-2004-0559

Vulnerability from fkie_nvd

Published

2004-10-20 04:00

Modified

2024-11-20 23:48

Severity ?

Summary

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/12488/	Patch, Vendor Advisory
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/11153	Patch, Vendor Advisory
cve@mitre.org	http://www.webmin.com/uchanges-1.089.html
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17299
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/12488/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11153	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.webmin.com/uchanges-1.089.html
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17299

Impacted products

Vendor	Product	Version
usermin	usermin	1.000
usermin	usermin	1.010
usermin	usermin	1.020
usermin	usermin	1.030
usermin	usermin	1.040
usermin	usermin	1.051
usermin	usermin	1.060
usermin	usermin	1.070
usermin	usermin	1.080
webmin	webmin	1.0.00
webmin	webmin	1.0.20
webmin	webmin	1.0.50
webmin	webmin	1.0.60
webmin	webmin	1.0.70
webmin	webmin	1.0.80
webmin	webmin	1.0.90
webmin	webmin	1.1.00
webmin	webmin	1.1.10
webmin	webmin	1.1.21
webmin	webmin	1.1.30
webmin	webmin	1.1.40
webmin	webmin	1.1.50
mandrakesoft	mandrake_linux	9.2
mandrakesoft	mandrake_linux	9.2
mandrakesoft	mandrake_linux	10.0
mandrakesoft	mandrake_linux	10.0
mandrakesoft	mandrake_linux_corporate_server	2.1
mandrakesoft	mandrake_linux_corporate_server	2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4177C378-7729-46AB-B49B-C6DAED3200E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "2164D10D-D1A4-418A-A9C8-CA8FAB1E90A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F0D201-B1DC-4024-AF77-A284673618F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "052E3862-BFB7-42E7-889D-8590AFA8EF37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
    },
    {
      "lang": "es",
      "value": "El script maketemp.pl en Usermin 1.070 y 1.080 permite a usuarios locales sobreescribir ficheros de su elecci\u00f3n durante la instalaci\u00f3n mediante un ataque de enlaces simb\u00f3licos en el directorio /tmp/.usermin"
    }
  ],
  "id": "CVE-2004-0559",
  "lastModified": "2024-11-20T23:48:51.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12488/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/uchanges-1.089.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12488/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/uchanges-1.089.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2004-0559

Vulnerability from cvelistv5

Published

2004-09-24 04:00