1.2 - CVE-2003-0438

Executive Summary

Informations
Name	CVE-2003-0438	First vendor Publication	2003-07-24
Vendor	Cve	Last vendor Modification	2024-11-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score	1.2	Attack Range	Local
Cvss Impact Score	2.9	Attack Complexity	High
Cvss Expoit Score	1.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0438

OpenVAS Exploits

Date	Description
2008-01-17	Name : Debian Security Advisory DSA 325-1 (eldav) File : nvt/deb_325_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
2203	eldav Insecure Temporary File Creation -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 325-1 security@debian.org http://www.debian.org/security/ Matt Zimmerman June 19th, 2003 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : eldav Vulnerability : insecure temporary file Problem-Type : local Debian-specific: no CVE Ids : CAN-2003-0438 eldav, a WebDAV client for Emacs, creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create or overwrite files with the privileges of the user running emacs and eldav. For the stable distribution (woody) this problem has been fixed in version 0.0.20020411-1woody1. The old stable distribution (potato) does not contain an eldav package. For the unstable distribution (sid) this problem has been fixed in version 0.7.2-1. We recommend that you update your eldav package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411-1woody1.dsc Size/MD5 checksum: 592 9dd06517b53570a595d5c368924ceda1 http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411-1woody1.diff.gz Size/MD5 checksum: 3814 c4400b418452e1aea9a115a2af82e1aa http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411.orig.tar.gz Size/MD5 checksum: 12319 3b62e4b9b05eb1c8ef27e9f5d3b98db2 Architecture independent components: http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411-1woody1_all.deb Size/MD5 checksum: 15546 5dc5beca6a1c57b5a4b32968ebc07da4 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+8iAwArxCt0PiXR4RArGiAJ0dsiLwzY7T1kS61iKbSfIQeq2YRQCgvNkx /eVKdD6yTvGG2Vw0/ipLy8M= =zUSA -----END PGP SIGNATURE-----

Description

2203

eldav Insecure Temporary File Creation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 325-1 security@debian.org http://www.debian.org/security/ Matt Zimmerman June 19th, 2003 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : eldav Vulnerability : insecure temporary file Problem-Type : local Debian-specific: no CVE Ids : CAN-2003-0438 eldav, a WebDAV client for Emacs, creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create or overwrite files with the privileges of the user running emacs and eldav. For the stable distribution (woody) this problem has been fixed in version 0.0.20020411-1woody1. The old stable distribution (potato) does not contain an eldav package. For the unstable distribution (sid) this problem has been fixed in version 0.7.2-1. We recommend that you update your eldav package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411-1woody1.dsc Size/MD5 checksum: 592 9dd06517b53570a595d5c368924ceda1 http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411-1woody1.diff.gz Size/MD5 checksum: 3814 c4400b418452e1aea9a115a2af82e1aa http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411.orig.tar.gz Size/MD5 checksum: 12319 3b62e4b9b05eb1c8ef27e9f5d3b98db2 Architecture independent components: http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411-1woody1_all.deb Size/MD5 checksum: 15546 5dc5beca6a1c57b5a4b32968ebc07da4 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+8iAwArxCt0PiXR4RArGiAJ0dsiLwzY7T1kS61iKbSfIQeq2YRQCgvNkx /eVKdD6yTvGG2Vw0/ipLy8M= =zUSA -----END PGP SIGNATURE-----

Nessus® Vulnerability Scanner

Date	Description
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-325.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://www.debian.org/security/2003/dsa-325

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:23:28	Multiple Updates
2024-11-28 12:05:37	Multiple Updates
2021-04-22 01:02:10	Multiple Updates
2020-05-23 01:35:57	Multiple Updates
2020-05-23 00:15:25	Multiple Updates
2014-02-17 10:26:15	Multiple Updates
2013-05-11 11:51:23	Multiple Updates

Global Informations

Type	Count
Sources(s)	1
osvdb(s)	1
Openvas Exploit(s)	1
Nessus® Exploit(s)	1

	Related
1.2	DSA-325
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

1.2 - CVE-2003-0438

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU