Vulnerabilities > CVE-2004-0770 - Symbolic Link vulnerability in DGen Emulator

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

dgen

debian

NVD

Published: 2005-01-10

Updated: 2017-07-11

Summary

romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.

Vulnerable Configurations

Part	Description	Count
Application	Dgen Dgen Emulator 1.15 Dgen Emulator 1.16 Dgen Emulator 1.17 Dgen Emulator 1.18 Dgen Emulator 1.20 Dgen Emulator 1.20_A Dgen Emulator 1.21 Dgen Emulator 1.22 Dgen Emulator 1.23	9
OS	Debian Debian Debian Linux 3.0	12

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=263282&archive=yes
http://secunia.com/advisories/12214
http://www.securityfocus.com/bid/10855
https://exchange.xforce.ibmcloud.com/vulnerabilities/16884