CVE-2003-0539

skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.debian.org/security/2003/dsa-343	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-242.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ddskk:ddskk:11.6_.rel.0:::::::*
	cpe:2.3:a:redhat:daredevil_skk:11.3.2::noarch:::::
	cpe:2.3:a:redhat:daredevil_skk:11.3.5::noarch:::::
	cpe:2.3:a:redhat:daredevil_skk:11.6.0-6::noarch:::::
	cpe:2.3:a:redhat:daredevil_skk:11.6.0-8::noarch:::::
	cpe:2.3:a:redhat:daredevil_skk:11.6.0-10::noarch:::::
	cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-6::noarch:::::
	cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-8::noarch:::::
	cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-10::noarch:::::
	cpe:2.3:a:skk:skk:10.62a:::::::*

History

No history.

Information

Published : 2003-08-18 04:00

Updated : 2017-10-11 01:29

NVD link : CVE-2003-0539

Mitre link : CVE-2003-0539

CVE.ORG link : CVE-2003-0539

JSON object : View

Products Affected

ddskk

ddskk

redhat

daredevil_skk
ddskk-xemacs

skk

skk

CWE

NVD-CWE-Other

{"id": "CVE-2003-0539", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-08-18T04:00:00.000", "references": [{"url": "http://www.debian.org/security/2003/dsa-343", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-242.html", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files."}, {"lang": "es", "value": "skk (programa de conversi\u00f3n Simple Kana a Kanji) 12.1 y anteriores, y el paquete ddskk basado en skk, crea ficheros temporales de forma no segura, lo que permite a usuarios locales sobreescribir ficheros arbitrarios."}], "lastModified": "2017-10-11T01:29:11.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ddskk:ddskk:11.6_.rel.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "938E0EA9-D807-4D39-8724-0D407221F786"}, {"criteria": "cpe:2.3:a:redhat:daredevil_skk:11.3.2:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F704FE85-A740-4941-B733-29A8F176B62E"}, {"criteria": "cpe:2.3:a:redhat:daredevil_skk:11.3.5:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0165BBE-6BD6-43ED-809A-7A5A4724B3ED"}, {"criteria": "cpe:2.3:a:redhat:daredevil_skk:11.6.0-6:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33611624-B62E-4C05-8877-9B0BC39719F5"}, {"criteria": "cpe:2.3:a:redhat:daredevil_skk:11.6.0-8:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6EF27D8-ED1A-41F0-B6B0-CF7C232D1C4A"}, {"criteria": "cpe:2.3:a:redhat:daredevil_skk:11.6.0-10:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F0FCA36-FA51-4134-A25C-BC7224CB7FC6"}, {"criteria": "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-6:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "143B1AEB-14BF-4CE5-9B87-58CF3ECCD422"}, {"criteria": "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-8:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30FCF59B-DD32-4AF0-83FB-1AA09DD4414F"}, {"criteria": "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-10:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E46675C5-079B-44C6-B538-A027F104F5CB"}, {"criteria": "cpe:2.3:a:skk:skk:10.62a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E4F9BC9-4B91-4E25-B881-0D62201D915D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}