script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Nov 2024, 23:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/bugtraq/2001/Dec/0122.html - Mailing List, Third Party Advisory | |
References | () http://seclists.org/bugtraq/2001/Dec/0123.html - Mailing List, Third Party Advisory | |
References | () http://secunia.com/advisories/16785 - Broken Link | |
References | () http://secunia.com/advisories/18502 - Broken Link | |
References | () http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm - Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2005-782.html - Broken Link, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/16280 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/7718 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723 - Broken Link |
26 Jan 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CWE | CWE-59 | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/7718 - Third Party Advisory, VDB Entry | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-782.html - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/16785 - Broken Link | |
References | (MISC) http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm - Third Party Advisory | |
References | (BUGTRAQ) http://seclists.org/bugtraq/2001/Dec/0122.html - Mailing List, Third Party Advisory | |
References | (BUGTRAQ) http://seclists.org/bugtraq/2001/Dec/0123.html - Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/16280 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/18502 - Broken Link | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723 - Broken Link | |
CPE | cpe:2.3:a:avaya:interactive_response:*:*:*:*:*:*:*:* cpe:2.3:a:avaya:messaging_storage_server:*:*:*:*:*:*:*:* cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:* cpe:2.3:a:avaya:intuity_lx:*:*:*:*:*:*:*:* cpe:2.3:a:avaya:cvlan:*:*:*:*:*:*:*:* cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:* cpe:2.3:a:avaya:integrated_management_suit:*:*:*:*:*:*:*:* |
Information
Published : 2001-12-31 05:00
Updated : 2024-11-20 23:37
NVD link : CVE-2001-1494
Mitre link : CVE-2001-1494
CVE.ORG link : CVE-2001-1494
JSON object : View
Products Affected
avaya
- integrated_management_suit
- interactive_response
- intuity_lx
- messaging_storage_server
- message_networking
- cvlan
kernel
- util-linux
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')