CVE-2003-0603 | Vulnerability Database | Aqua Security

Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.

Affected Software

Name	Vendor	Start Version	End Version
Bugzilla	Mozilla	2.10 (including)	2.10 (including)
Bugzilla	Mozilla	2.12 (including)	2.12 (including)
Bugzilla	Mozilla	2.14 (including)	2.14 (including)
Bugzilla	Mozilla	2.14.1 (including)	2.14.1 (including)
Bugzilla	Mozilla	2.14.2 (including)	2.14.2 (including)
Bugzilla	Mozilla	2.14.3 (including)	2.14.3 (including)
Bugzilla	Mozilla	2.14.4 (including)	2.14.4 (including)
Bugzilla	Mozilla	2.14.5 (including)	2.14.5 (including)
Bugzilla	Mozilla	2.16 (including)	2.16 (including)
Bugzilla	Mozilla	2.16.1 (including)	2.16.1 (including)
Bugzilla	Mozilla	2.16.2 (including)	2.16.2 (including)
Bugzilla	Mozilla	2.17 (including)	2.17 (including)
Bugzilla	Mozilla	2.17.1 (including)	2.17.1 (including)
Bugzilla	Mozilla	2.17.3 (including)	2.17.3 (including)

References

http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000653
http://www.bugzilla.org/security/2.16.2/
http://www.securityfocus.com/bid/7412
http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000653
http://www.bugzilla.org/security/2.16.2/
http://www.securityfocus.com/bid/7412

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0603
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html