CVE-2003-0539

skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.debian.org/security/2003/dsa-343	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-242.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28
http://www.debian.org/security/2003/dsa-343	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-242.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ddskk:ddskk:11.6_.rel.0:::::::*
	cpe:2.3:a:redhat:daredevil_skk:11.3.2::noarch:::::
	cpe:2.3:a:redhat:daredevil_skk:11.3.5::noarch:::::
	cpe:2.3:a:redhat:daredevil_skk:11.6.0-6::noarch:::::
	cpe:2.3:a:redhat:daredevil_skk:11.6.0-8::noarch:::::
	cpe:2.3:a:redhat:daredevil_skk:11.6.0-10::noarch:::::
	cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-6::noarch:::::
	cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-8::noarch:::::
	cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-10::noarch:::::
	cpe:2.3:a:skk:skk:10.62a:::::::*

History

20 Nov 2024, 23:44

Type	Values Removed	Values Added
References	~~() http://www.debian.org/security/2003/dsa-343 - Patch, Vendor Advisory~~	() http://www.debian.org/security/2003/dsa-343 - Patch, Vendor Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2003-242.html -~~	() http://www.redhat.com/support/errata/RHSA-2003-242.html -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28 -

Information

Published : 2003-08-18 04:00

Updated : 2024-11-20 23:44

NVD link : CVE-2003-0539

Mitre link : CVE-2003-0539

CVE.ORG link : CVE-2003-0539

JSON object : View

Products Affected

redhat

ddskk-xemacs
daredevil_skk

ddskk

ddskk

skk

skk

CWE

NVD-CWE-Other

{"id": "CVE-2003-0539", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-08-18T04:00:00.000", "references": [{"url": "http://www.debian.org/security/2003/dsa-343", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-242.html", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2003/dsa-343", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-242.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files."}, {"lang": "es", "value": "skk (programa de conversi\u00f3n Simple Kana a Kanji) 12.1 y anteriores, y el paquete ddskk basado en skk, crea ficheros temporales de forma no segura, lo que permite a usuarios locales sobreescribir ficheros arbitrarios."}], "lastModified": "2024-11-20T23:44:58.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ddskk:ddskk:11.6_.rel.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "938E0EA9-D807-4D39-8724-0D407221F786"}, {"criteria": "cpe:2.3:a:redhat:daredevil_skk:11.3.2:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F704FE85-A740-4941-B733-29A8F176B62E"}, {"criteria": "cpe:2.3:a:redhat:daredevil_skk:11.3.5:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0165BBE-6BD6-43ED-809A-7A5A4724B3ED"}, {"criteria": "cpe:2.3:a:redhat:daredevil_skk:11.6.0-6:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33611624-B62E-4C05-8877-9B0BC39719F5"}, {"criteria": "cpe:2.3:a:redhat:daredevil_skk:11.6.0-8:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6EF27D8-ED1A-41F0-B6B0-CF7C232D1C4A"}, {"criteria": "cpe:2.3:a:redhat:daredevil_skk:11.6.0-10:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F0FCA36-FA51-4134-A25C-BC7224CB7FC6"}, {"criteria": "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-6:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "143B1AEB-14BF-4CE5-9B87-58CF3ECCD422"}, {"criteria": "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-8:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30FCF59B-DD32-4AF0-83FB-1AA09DD4414F"}, {"criteria": "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-10:*:noarch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E46675C5-079B-44C6-B538-A027F104F5CB"}, {"criteria": "cpe:2.3:a:skk:skk:10.62a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E4F9BC9-4B91-4E25-B881-0D62201D915D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}