Description
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
References (9)
Core 9
Core References
Vendor Advisory vendor-advisory
x_refsource_fedora
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00000.html
Mailing List vendor-advisory
x_refsource_openpkg
http://marc.info/?l=bugtraq&m=110382652226638&w=2
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200410-10.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11282
Vendor Advisory vendor-advisory
x_refsource_trustix
http://www.trustix.org/errata/2004/0050
Issue Tracking x_refsource_confirm
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://www.ubuntu.com/usn/usn-5-1/
Various Sources vendor-advisory
x_refsource_mandriva
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:051
Scores
EPSS
0.0008
EPSS Percentile
22.5%
Details
Status
published
Products (2)
gnu/gettext
0.14.1
ubuntu/ubuntu_linux
4.1 (2 CPE variants)
Published
Feb 09, 2005
Tracked Since
Feb 18, 2026