CVE-2004-0689

Sažetak

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
http://marc.info/?l=bugtraq&m=109225538901170&w=2
http://secunia.com/advisories/12276/
http://security.gentoo.org/glsa/glsa-200408-13.xml
http://www.debian.org/security/2004/dsa-539
http://www.kde.org/info/security/advisory-20040811-1.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/16963
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

26-01-2024 - 17:06

Objavljeno

28-09-2004 - 04:00