CVE-2004-0975
openssl - insecure temporary file
EPSS 0.08%
Description
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
How to fix CVE-2004-0975
To remediate CVE-2004-0975, upgrade the affected package to a fixed version below.
- Debian/openssl—upgrade to 0.9.7e-3 or later
- Debian/openssl—upgrade to 0.9.6c-2.woody.7 or later
Is CVE-2004-0975 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.9.7e-3
- from 0, < 0.9.6c-2.woody.7