Executive Summary

Title gettext vulnerabilities
Name USN-5-1 First vendor Publication 2004-10-27
Vendor Ubuntu Last vendor Modification 2004-10-27
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version 0.14.1-2ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered some vulnerabilities in the gettext package. The programs "autopoint" and "gettextize" created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

Original Source

Url : http://www.ubuntu.com/usn/USN-5-1

CPE : Common Platform Enumeration

Application 1
Os 2

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200410-10 (gettext)
File : nvt/glsa_200410_10.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
10646 GNU gettext Multiple Script Temporary File Symlink Arbitrary File Overwrite

GNU gettext contains a flaw that may allow a malicious local user to overwrite arbitrary files. The issue is due to temporary files being created insecurely. It is possible that the flaw may allow a malicious user to overwrite arbitrary files resulting in a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-5-1.nasl - Type : ACT_GATHER_INFO
2004-10-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200410-10.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-02-17 12:04:33
  • Multiple Updates