Description
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
Product(s):
- MandrakeSoft Mandrake Multi Network Firewall 8.2
- OpenSSL Project OpenSSL 0.9.6
- OpenSSL Project OpenSSL 0.9.6 Beta1
- OpenSSL Project OpenSSL 0.9.6 Beta2
- OpenSSL Project OpenSSL 0.9.6 Beta3
- OpenSSL Project OpenSSL 0.9.6a
- OpenSSL Project OpenSSL 0.9.6a Beta1
- OpenSSL Project OpenSSL 0.9.6a Beta2
- OpenSSL Project OpenSSL 0.9.6a Beta3
- OpenSSL Project OpenSSL 0.9.6b
- OpenSSL Project OpenSSL 0.9.6c
- OpenSSL Project OpenSSL 0.9.6d
- OpenSSL Project OpenSSL 0.9.6d Beta1
- OpenSSL Project OpenSSL 0.9.6e
- OpenSSL Project OpenSSL 0.9.6f
- OpenSSL Project OpenSSL 0.9.6g
- OpenSSL Project OpenSSL 0.9.6h
- OpenSSL Project OpenSSL 0.9.6i
- OpenSSL Project OpenSSL 0.9.6j
- OpenSSL Project OpenSSL 0.9.6k
- OpenSSL Project OpenSSL 0.9.6l
- OpenSSL Project OpenSSL 0.9.6m
- OpenSSL Project OpenSSL 0.9.7c
- OpenSSL Project OpenSSL 0.9.7d
- Gentoo Linux
- Gentoo Linux 1.2
- Gentoo Linux 1.4
- Gentoo Linux 1.4 -
- Gentoo Linux 1.4 rc1
- Gentoo Linux 1.4 rc2
- Gentoo Linux 1.4 rc3
- Gentoo Linux 2.1.30 r9
- Gentoo Linux 2.2.28 r7
- Gentoo Linux 2.3.30 r2
- MandrakeSoft Mandrake Linux 10.0
- Mandrakesoft Mandrake Linux 10.0 on AMD64
- MandrakeSoft Mandrake Linux 10.1
- Mandrakesoft Mandrake Linux 10.1 on x86_64
- MandrakeSoft Mandrake Linux 9.2
- Mandrakesoft Mandrake Linux 9.2 on AMD64
- MandrakeSoft Mandrake Linux Corporate Server 2.1
- Mandrakesoft Mandrake Linux Corporate Server 2.1 on x86_64
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0975, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0975 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.