Search for vulnerabilities
Vulnerability details: VCID-nxu2-un9y-aaan
Vulnerability ID VCID-nxu2-un9y-aaan
Aliases CVE-2004-0971
Summary The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2005:012
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2004-0971
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1617336
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2004-0971
Reference id Reference type URL
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0971.json
https://api.first.org/data/v1/epss?cve=CVE-2004-0971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0971
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497
http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.securityfocus.com/bid/11289
http://www.trustix.org/errata/2004/0050
1617336 https://bugzilla.redhat.com/show_bug.cgi?id=1617336
278271 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278271
cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*
CVE-2004-0971 https://nvd.nist.gov/vuln/detail/CVE-2004-0971
RHSA-2005:012 https://access.redhat.com/errata/RHSA-2005:012
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2004-0971
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.05128
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.