CVE-2004-0974

Published: Feb 9, 2005Modified: Apr 16, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Affected (13)

Products: Netatalk: Open Source Apple File Share Protocol Suite · Mandrakesoft: Mandrake Linux, Mandrake Linux Corporate Server · Redhat: Fedora Core

Netatalk

1 product

Open Source Apple File Share Protocol Suite

Mandrakesoft

2 products

Mandrake Linux

Mandrake Linux Corporate Server

Redhat

1 product

Fedora Core

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Netatalk Open Source Apple File Share Protocol Suite	Version 1.5_pre6
Netatalk Open Source Apple File Share Protocol Suite	Version 1.6.1
Netatalk Open Source Apple File Share Protocol Suite	Version 1.6.4

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Mandrakesoft Mandrake Linux	Version 10.0
Mandrakesoft Mandrake Linux	Version 10.0
Mandrakesoft Mandrake Linux	Version 10.1
Mandrakesoft Mandrake Linux	Version 10.1
Mandrakesoft Mandrake Linux	Version 9.2
Mandrakesoft Mandrake Linux	Version 9.2
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1
Redhat Fedora Core	Version core_2.0
Redhat Fedora Core	Version core_3.0

References (6)

http://www.gentoo.org/security/en/glsa/glsa-200410-25.xml

Source: cve@mitre.org

PatchVendor Advisory

http://www.trustix.org/errata/2004/0050

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200410-25.xml

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.trustix.org/errata/2004/0050

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.