[Japanese]

JVNDB-2003-000242

skk Arbitrary Code Execution Vulnerability

Overview

skk (Simple Kana to Kanji conversion software) would create an insecure temporary file without taking proper security precautions.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.6 (Medium) [NVD Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


SKK Openlab
  • SKK priort to version 12.1
Red Hat, Inc.
  • Red Hat Linux 7.1
  • Red Hat Linux 7.2
  • Red Hat Linux 7.3
  • Red Hat Linux 8.0
  • Red Hat Linux 9
  • Red Hat Linux 7.1 for zSeries

Impact

An local attacker could overwrite arbitrary files.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

SKK Openlab Red Hat, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2003-0539
References

  1. National Vulnerability Database (NVD) : CVE-2003-0539
  2. SecurityFocus : 8144
Revision History

  • [2008/05/21]
      Web page published