CVE-2004-0559

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.

Published: Oct 20, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0559
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
usermin / usermin	1.070	1.070.x
webmin / webmin	1.0.20	1.0.20.x
usermin / usermin	1.040	1.040.x
usermin / usermin	1.060	1.060.x
webmin / webmin	1.1.50	1.1.50.x
webmin / webmin	1.0.60	1.0.60.x
usermin / usermin	1.080	1.080.x
webmin / webmin	1.1.00	1.1.00.x
webmin / webmin	1.1.30	1.1.30.x
webmin / webmin	1.1.21	1.1.21.x
webmin / webmin	1.0.00	1.0.00.x
webmin / webmin	1.0.90	1.0.90.x
usermin / usermin	1.010	1.010.x
webmin / webmin	1.1.40	1.1.40.x
usermin / usermin	1.020	1.020.x
usermin / usermin	1.051	1.051.x
usermin / usermin	1.000	1.000.x
usermin / usermin	1.030	1.030.x
webmin / webmin	1.0.70	1.0.70.x
webmin / webmin	1.0.50	1.0.50.x
webmin / webmin	1.0.80	1.0.80.x
webmin / webmin	1.1.10	1.1.10.x
mandrakesoft / mandrake_linux_corporate_server	2.1	2.1.x
mandrakesoft / mandrake_linux	9.2	9.2.x
mandrakesoft / mandrake_linux	10.0	10.0.x

Vulnerability Database

289,599

CVE-2004-0559