CVE-2004-0977

Published: Feb 9, 2005Modified: Apr 16, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

Affected (16)

Products: Postgresql: Postgresql · Mandrakesoft: Mandrake Linux, Mandrake Linux Corporate Server · Redhat: Enterprise Linux, Enterprise Linux Desktop · +1 more

Show all products

Postgresql: Postgresql · Mandrakesoft: Mandrake Linux, Mandrake Linux Corporate Server · Redhat: Enterprise Linux, Enterprise Linux Desktop · Trustix: Secure Linux

1 product

2 products

Mandrake Linux Corporate Server

2 products

Enterprise Linux

Enterprise Linux Desktop

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	From 7.3.0 to 7.3.8
Postgresql Postgresql	From 7.4.0 to 7.4.6

Configuration B

14 vulnerable

Vulnerable Software	Affected Versions
Mandrakesoft Mandrake Linux	Version 10.0
Mandrakesoft Mandrake Linux	Version 10.0
Mandrakesoft Mandrake Linux	Version 10.1
Mandrakesoft Mandrake Linux	Version 10.1
Mandrakesoft Mandrake Linux	Version 9.2
Mandrakesoft Mandrake Linux	Version 9.2
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux Desktop	Version 3.0
Trustix Secure Linux	Version 2.0
Trustix Secure Linux	Version 2.1

References (22)

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300

Source: cve@mitre.org

Issue Tracking

http://marc.info/?l=bugtraq&m=109910073808903&w=2

Source: cve@mitre.org

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200410-16.xml

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2004/dsa-577

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2004:149

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2004-489.html

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/bid/11295

Source: cve@mitre.org

PatchThird Party AdvisoryVDB EntryVendor Advisory

http://www.trustix.org/errata/2004/0050

Source: cve@mitre.org

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360

Source: cve@mitre.org

Broken Link

https://www.ubuntu.com/usn/usn-6-1/

Source: cve@mitre.org

Third Party Advisory

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

http://marc.info/?l=bugtraq&m=109910073808903&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200410-16.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2004/dsa-577

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2004:149

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2004-489.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/bid/11295

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVDB EntryVendor Advisory

http://www.trustix.org/errata/2004/0050

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.ubuntu.com/usn/usn-6-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.