[Japanese]

JVNDB-2003-000242

skk Arbitrary Code Execution Vulnerability

Overview

skk (Simple Kana to Kanji conversion software) would create an insecure temporary file without taking proper security precautions.
CVSS Severity (What is CVSS?)

Base Metrics: 4.6 (Medium) [NVD Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products


SKK Openlab
  • SKK priort to version 12.1
Red Hat, Inc.
  • Red Hat Linux 7.1
  • Red Hat Linux 7.1 for zSeries
  • Red Hat Linux 7.2
  • Red Hat Linux 7.3
  • Red Hat Linux 8.0
  • Red Hat Linux 9

Impact

An local attacker could overwrite arbitrary files.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

SKK Openlab Red Hat, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2003-0539
References

  1. National Vulnerability Database (NVD) : CVE-2003-0539
  2. SecurityFocus : 8144
Revision History

[2008/05/21]
  Web page published

Date Public2003/08/11
Date First Published2008/05/21
Date Last Updated2008/05/21