7.1

CVE-2004-0689

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Version < 3.3
DebianDebian Linux Version3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.339
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
Broken Link
http://marc.info/?l=bugtraq&m=109225538901170&w=2
Mailing List
http://security.gentoo.org/glsa/glsa-200408-13.xml
Third Party Advisory
http://secunia.com/advisories/12276/
Patch
Vendor Advisory
Broken Link
http://www.debian.org/security/2004/dsa-539
Third Party Advisory
http://www.kde.org/info/security/advisory-20040811-1.txt
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16963
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334
Broken Link