{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-09-30T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:10284", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284"}, {"name": "script-temporary-file-overwrite(17583)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"}, {"name": "19799", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19799"}, {"name": "2004-0050", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2004/0050"}, {"name": "20056", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20056"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321"}, {"name": "SCOSA-2006.23", "tags": ["vendor-advisory", "x_refsource_SCO"], "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt"}, {"name": "16997", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/16997"}, {"name": "RHSA-2005:081", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-081.html"}, {"name": "17135", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17135"}, {"name": "USN-3-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://www.ubuntu.com/usn/usn-3-1/"}, {"name": "11285", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11285"}, {"name": "SCOSA-2006.19", "tags": ["vendor-advisory", "x_refsource_SCO"], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0967", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:10284", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284"}, {"name": "script-temporary-file-overwrite(17583)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"}, {"name": "19799", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19799"}, {"name": "2004-0050", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2004/0050"}, {"name": "20056", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20056"}, {"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321", "refsource": "CONFIRM", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321"}, {"name": "SCOSA-2006.23", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt"}, {"name": "16997", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16997"}, {"name": "RHSA-2005:081", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-081.html"}, {"name": "17135", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17135"}, {"name": "USN-3-1", "refsource": "UBUNTU", "url": "https://www.ubuntu.com/usn/usn-3-1/"}, {"name": "11285", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11285"}, {"name": "SCOSA-2006.19", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:38:59.590Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:10284", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284"}, {"name": "script-temporary-file-overwrite(17583)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"}, {"name": "19799", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19799"}, {"name": "2004-0050", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2004/0050"}, {"name": "20056", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20056"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321"}, {"name": "SCOSA-2006.23", "tags": ["vendor-advisory", "x_refsource_SCO", "x_transferred"], "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt"}, {"name": "16997", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/16997"}, {"name": "RHSA-2005:081", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-081.html"}, {"name": "17135", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17135"}, {"name": "USN-3-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://www.ubuntu.com/usn/usn-3-1/"}, {"name": "11285", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/11285"}, {"name": "SCOSA-2006.19", "tags": ["vendor-advisory", "x_refsource_SCO", "x_transferred"], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0967", "datePublished": "2004-10-20T04:00:00.000Z", "dateReserved": "2004-10-19T00:00:00.000Z", "dateUpdated": "2024-08-08T00:38:59.590Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "563638C2-75D6-4EBB-BE65-A2DBCB9B2425", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "688546DF-EEA4-49DD-AB36-EE542EB51931", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10:*:*:*:*:*:*:*", "matchCriteriaId": "31868FF9-396E-43F3-87CC-99653D2EEB75", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10:*:mdk:*:*:*:*:*", "matchCriteriaId": "9D8853B6-08C4-467B-8B2C-5636A2E6535B", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10_1:*:*:*:*:*:*:*", "matchCriteriaId": "A77665EE-BD4A-46F4-9FD4-AF4B85519938", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10_1:*:mdk:*:*:*:*:*", "matchCriteriaId": "0204AB31-487C-48CF-9E95-C9FAC201AA43", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.12cl:*:*:*:*:*:*:*", "matchCriteriaId": "9ED505EB-D306-4B32-8548-3B6F040C972D", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.15:*:*:*:*:*:*:*", "matchCriteriaId": "65386D8C-7D7C-464A-839D-6B4B39F724BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.16:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D3797-3953-4030-BAFE-FD427E4CDC1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.10cl:*:*:*:*:*:*:*", "matchCriteriaId": "5FB97AFC-64CA-4B20-8BB6-DFF70225400D", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.50:*:*:*:*:*:*:*", "matchCriteriaId": "718E9B80-DD01-45E5-B61C-B5BA2036262F", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.50.8:*:*:*:*:*:*:*", "matchCriteriaId": "971EDCE7-B3B1-4D85-9E8D-56DA8E5C0934", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:5.50.8_7:*:*:*:*:*:*:*", "matchCriteriaId": "6D4EA720-85DB-4E00-853A-83EF85852F51", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:6.51:*:*:*:*:*:*:*", "matchCriteriaId": "B9001A11-30B4-4ABB-BA76-4A96203260AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:6.52:*:*:*:*:*:*:*", "matchCriteriaId": "E6CE4BD3-3625-4815-84FF-3AAE091846BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:6.53:*:*:*:*:*:*:*", "matchCriteriaId": "575962D6-91D5-41AF-AF88-D61F4E32BD6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2FB5CC32-6B1F-4C57-B969-953AB539A9AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F9F05F06-F884-4636-AD6E-664E841BEE9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2F003331-1740-4087-B5B7-4687FF78A1E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:aladdin_enterprises:ghostscript:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "20C1DB4C-1A32-4E95-A117-690AA4449C61", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files."}], "id": "CVE-2004-0967", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-02-09T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt"}, {"source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt"}, {"source": "cve@mitre.org", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/16997"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17135"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19799"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20056"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-081.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11285"}, {"source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2004/0050"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284"}, {"source": "cve@mitre.org", "url": "https://www.ubuntu.com/usn/usn-3-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/16997"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17135"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19799"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-081.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11285"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2004/0050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.ubuntu.com/usn/usn-3-1/"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140074\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.", "lastModified": "2007-09-07T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2005:081", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "ghostscript-0:7.05-32.1.10", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2005-09-28T00:00:00Z"}], "bugzilla": {"description": "temporary file vulnerabilities in various ghostscript scripts.", "id": "140074", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=140074"}, "csaw": false, "details": ["The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files."], "name": "CVE-2004-0967", "public_date": "2004-09-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2004-0967\nhttps://nvd.nist.gov/vuln/detail/CVE-2004-0967"], "statement": "The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttps://access.redhat.com/security/updates/classification/\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.", "threat_severity": "Low"}

{}