FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0967

This CVE name corresponds to:

Entered Topic
2005-11-27 ghostscript -- insecure temporary file creation vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-0967
Phase Assigned(20041019)

Description

The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.

References

Source Reference
REDHAT RHSA-2005:081
SCO SCOSA-2006.23
SCO SCOSA-2006.19
TRUSTIX 2004-0050
CONFIRM http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321
UBUNTU USN-3-1
BID 11285
OVAL oval:org.mitre.oval:def:10284
SECUNIA 17135
SECUNIA 16997
SECUNIA 20056
SECUNIA 19799
XF script-temporary-file-overwrite(17583)