cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html | Broken Link Exploit Vendor Advisory |
http://marc.info/?l=bugtraq&m=105839150004682&w=2 | Mailing List |
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html | Broken Link Exploit Vendor Advisory |
http://marc.info/?l=bugtraq&m=105839150004682&w=2 | Mailing List |
Configurations
History
20 Nov 2024, 23:45
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html - Broken Link, Exploit, Vendor Advisory | |
References | () http://marc.info/?l=bugtraq&m=105839150004682&w=2 - Mailing List |
26 Jan 2024, 17:19
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
CWE | CWE-59 | |
References | (VULNWATCH) http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html - Broken Link, Exploit, Vendor Advisory | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=105839150004682&w=2 - Mailing List |
Information
Published : 2003-08-18 04:00
Updated : 2024-11-20 23:45
NVD link : CVE-2003-0578
Mitre link : CVE-2003-0578
CVE.ORG link : CVE-2003-0578
JSON object : View
Products Affected
ibm
- u2_universe
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')