Executive Summary

Informations
Name CVE-2004-2231 First vendor Publication 2004-12-31
Vendor Cve Last vendor Modification 2024-11-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score 1.2 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 1.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2231

Open Source Vulnerability Database (OSVDB)

Id Description
8236 InstallAnywhere Insecure Temporary File Creation

InstallAnywhere contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the program creating insecure temporary files in the "/tmp" directory during installation, allowing for symlink attacks. This flaw may lead to a loss of confidentiality and/or integrity.

Sources (Detail)

http://secunia.com/advisories/12129
http://vapid.dhs.org/zerogadv.txt
http://www.idefense.com/application/poi/display?id=82&type=vulnerabilities
http://www.osvdb.org/8236
http://www.securityfocus.com/bid/10808
https://exchange.xforce.ibmcloud.com/vulnerabilities/16791
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2024-11-28 23:22:43
  • Multiple Updates
2024-11-28 12:06:30
  • Multiple Updates
2020-05-23 00:16:08
  • Multiple Updates
2017-07-11 12:01:43
  • Multiple Updates
2016-06-28 15:10:09
  • Multiple Updates
2016-04-26 13:07:30
  • Multiple Updates
2013-05-11 11:47:53
  • Multiple Updates