VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-1382

CVE-2004-1382

Description

glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via symlink attack on temporary files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via symlink attack on temporary files.

Vulnerability

The glibcbug script in glibc versions 2.3.4 and earlier creates temporary files in an insecure manner, allowing a symlink attack to overwrite arbitrary files. This vulnerability is distinct from CVE-2004-0968 and affects glibc up to version 2.3.4 [1].

Exploitation

A local attacker can create a symbolic link with the predictable temporary file name used by glibcbug. When a user invokes glibcbug, the script writes to the location pointed to by the symlink, overwriting any file writable by the user. No authentication or special privileges beyond local access are required [1].

Impact

An attacker can overwrite arbitrary files with the privileges of the user running glibcbug, potentially leading to privilege escalation or denial of service. The impact depends on the file overwritten [1].

Mitigation

Ubuntu 4.10 (Warty Warthog) provided a fixed libc6 package version 2.3.2.ds1-13ubuntu2.2 [1]. Users should upgrade to this or a later patched version. Red Hat and other vendors may have released updates; consult vendor advisories. If no patch is available, avoid running the glibcbug script or ensure strict permissions on temporary directories.

References
  1. '[USN-4-1] Standard C library script vulnerabilities'

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

27
  • GNU/Glibc26 versions
    cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*+ 25 more
    • cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
  • Bminor/Glibcllm-fuzzy
    Range: <=2.3.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.