7.2

CVE-2000-1134

Exploit
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImmunixImmunix Version6.2
ConectivaLinux Version4.0
ConectivaLinux Version4.0es
ConectivaLinux Version4.1
ConectivaLinux Version4.2
ConectivaLinux Version5.0
ConectivaLinux Version5.1
CalderaOpenlinux Edesktop Version2.4
CalderaOpenlinux Eserver Version2.3
HpHp-ux Version11.11
MandrakesoftMandrake Linux Version6.0
MandrakesoftMandrake Linux Version6.1
MandrakesoftMandrake Linux Version7.0
MandrakesoftMandrake Linux Version7.1
MandrakesoftMandrake Linux Version7.2
RedhatLinux Version5.2
RedhatLinux Version6.0
RedhatLinux Version6.1
RedhatLinux Version6.2
RedhatLinux Version6.2e
SuseSuse Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.42% 0.693
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc
Patch
Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P
http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html
http://archives.neohapsis.com/archives/tru64/2002-q1/0009.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000354
http://marc.info/?l=bugtraq&m=97561816504170&w=2
http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt
http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt
http://www.debian.org/security/2000/20001111a
http://www.kb.cert.org/vuls/id/10277
US Government Resource
http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3
http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3
http://www.redhat.com/support/errata/RHSA-2000-117.html
http://www.redhat.com/support/errata/RHSA-2000-121.html
http://www.securityfocus.com/archive/1/146657
http://www.securityfocus.com/bid/1926
http://www.securityfocus.com/bid/2006
Patch
Vendor Advisory
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4047