5.5

CVE-2001-1494

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.344
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:P/A:N
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://seclists.org/bugtraq/2001/Dec/0122.html
Third Party Advisory
Mailing List
http://seclists.org/bugtraq/2001/Dec/0123.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/16785
Broken Link
http://secunia.com/advisories/18502
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2005-782.html
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/16280
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/7718
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723
Broken Link