CVE-2004-0689

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-0689
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 Broken Link
http://marc.info/?l=bugtraq&m=109225538901170&w=2 Mailing List
http://secunia.com/advisories/12276/ Broken Link Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200408-13.xml Third Party Advisory
http://www.debian.org/security/2004/dsa-539 Third Party Advisory
http://www.kde.org/info/security/advisory-20040811-1.txt Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16963 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334 Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 Broken Link
http://marc.info/?l=bugtraq&m=109225538901170&w=2 Mailing List
http://secunia.com/advisories/12276/ Broken Link Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200408-13.xml Third Party Advisory
http://www.debian.org/security/2004/dsa-539 Third Party Advisory
http://www.kde.org/info/security/advisory-20040811-1.txt Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16963 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334 Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2004-09-28 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-0689

Mitre link : CVE-2004-0689

CVE.ORG link : CVE-2004-0689

JSON object : View

Products Affected

kde

  • kde

debian

  • debian_linux
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')