Description
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
Product(s):
- PostgreSQL PostgreSQL
- PostgreSQL 7.3.0
- PostgreSQL 7.3.1
- PostgreSQL 7.3.2
- PostgreSQL 7.3.3
- PostgreSQL 7.3.4
- PostgreSQL 7.3.5
- PostgreSQL 7.3.6
- PostgreSQL 7.3.7
- PostgreSQL PostgreSQL 7.4.1
- PostgreSQL PostgreSQL 7.4.2
- PostgreSQL PostgreSQL 7.4.3
- PostgreSQL PostgreSQL 7.4.4
- PostgreSQL PostgreSQL 7.4.5
- MandrakeSoft Mandrake Linux 10.0
- Mandrakesoft Mandrake Linux 10.0 on AMD64
- MandrakeSoft Mandrake Linux 10.1
- Mandrakesoft Mandrake Linux 10.1 on x86_64
- MandrakeSoft Mandrake Linux 9.2
- Mandrakesoft Mandrake Linux 9.2 on AMD64
- MandrakeSoft Mandrake Linux Corporate Server 2.1
- Mandrakesoft Mandrake Linux Corporate Server 2.1 on x86_64
- Red Hat Enterprise Linux 3.0 Advanced Server Edition
- Red Hat Enterprise Linux 3.0 Enterprise Server Edition
- Red Hat Enterprise Linux 3.0 Workstation Server Edition
- Red Hat Desktop 3.0
- Trustix Secure Linux 2.0
- Trustix Secure Linux 2.1
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0977, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0977 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.