CVE-2004-0967

The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.

Published: Feb 9, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-0967
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
aladdin_enterprises / ghostscript	5.10.15	5.10.15.x
aladdin_enterprises / ghostscript	6.53	6.53.x
aladdin_enterprises / ghostscript	6.51	6.51.x
aladdin_enterprises / ghostscript	5.50.8	5.50.8.x
aladdin_enterprises / ghostscript	5.10.10	5.10.10.x
aladdin_enterprises / ghostscript	5.50.8_7	5.50.8_7.x
aladdin_enterprises / ghostscript	4.3	4.3.x
aladdin_enterprises / ghostscript	5.50	5.50.x
aladdin_enterprises / ghostscript	7.0.6	7.0.6.x
aladdin_enterprises / ghostscript	5.10.10_1	5.10.10_1.x
aladdin_enterprises / ghostscript	5.10.12cl	5.10.12cl.x
aladdin_enterprises / ghostscript	7.0.5	7.0.5.x
aladdin_enterprises / ghostscript	5.10cl	5.10cl.x
aladdin_enterprises / ghostscript	4.3.2	4.3.2.x
aladdin_enterprises / ghostscript	7.0.7	7.0.7.x
aladdin_enterprises / ghostscript	6.52	6.52.x
aladdin_enterprises / ghostscript	5.10.16	5.10.16.x
aladdin_enterprises / ghostscript	7.0.4	7.0.4.x

Vulnerability Database

289,599

CVE-2004-0967