Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
OpenSSL: Insecure Temporary File Creation (CVE-2004-0975) (Linux)
Information
Severity
Severity
Low
Family
Family
General
CVSSv2 Base
CVSSv2 Base
2.1
CVSSv2 Vector
CVSSv2 Vector
AV:L/AC:L/Au:N/C:N/I:P/A:N
Solution Type
Solution Type
Vendor Patch
Created
Created
2 years ago
Modified
Modified
2 years ago
Summary
OpenSSL is prone to an insecure temporary file creation vulnerability.
Insight
Insight
The der_chop script created temporary files insecurely which could allow local users to overwrite files via a symlink attack on temporary files. Note that it is quite unlikely that a user would be using the redundant der_chop script, and this script was removed from the OpenSSL distribution.
Affected Software
Affected Software
OpenSSL 0.9.6 through 0.9.6m and 0.9.7 through 0.9.7e.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update OpenSSL to version 0.9.7f or later.