CVE-2004-0977

PostgreSQL <7.4.5 - Local File Overwrite

Title source: llm

Description

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

References (11)

[Issue Tracking] http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300

[Third Party Advisory] http://marc.info/?l=bugtraq&m=109910073808903&w=2

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200410-16.xml

[Patch, Vendor Advisory] http://www.debian.org/security/2004/dsa-577

[Third Party Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2004:149

[Broken Link] http://www.redhat.com/support/errata/RHSA-2004-489.html

[Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/11295

[Third Party Advisory] http://www.trustix.org/errata/2004/0050

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360

[Third Party Advisory] https://www.ubuntu.com/usn/usn-6-1/

Scores

EPSS 0.0009

EPSS Percentile 25.1%

Classification

Status draft

Affected Products (15)

postgresql/postgresql < 7.3.8

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux

mandrakesoft/mandrake_linux_corporate_server

mandrakesoft/mandrake_linux_corporate_server

redhat/enterprise_linux

redhat/enterprise_linux

redhat/enterprise_linux

redhat/enterprise_linux_desktop

trustix/secure_linux

trustix/secure_linux

Timeline

Published Feb 09, 2005

Tracked Since Feb 18, 2026