script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
References
Link | Resource |
---|---|
http://seclists.org/bugtraq/2001/Dec/0122.html | Mailing List Third Party Advisory |
http://seclists.org/bugtraq/2001/Dec/0123.html | Mailing List Third Party Advisory |
http://secunia.com/advisories/16785 | Broken Link |
http://secunia.com/advisories/18502 | Broken Link |
http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm | Third Party Advisory |
http://www.redhat.com/support/errata/RHSA-2005-782.html | Broken Link Vendor Advisory |
http://www.securityfocus.com/bid/16280 | Broken Link Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7718 | Third Party Advisory VDB Entry |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723 | Broken Link |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
26 Jan 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/bugtraq/2001/Dec/0122.html - Mailing List, Third Party Advisory | |
References | () http://seclists.org/bugtraq/2001/Dec/0123.html - Mailing List, Third Party Advisory | |
References | () http://secunia.com/advisories/16785 - Broken Link | |
References | () http://secunia.com/advisories/18502 - Broken Link | |
References | () http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm - Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2005-782.html - Broken Link, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/16280 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/7718 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723 - Broken Link | |
CPE | cpe:2.3:a:avaya:messaging_storage_server:*:*:*:*:*:*:*:* cpe:2.3:a:avaya:intuity_lx:*:*:*:*:*:*:*:* cpe:2.3:a:avaya:integrated_management_suit:*:*:*:*:*:*:*:* cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:* cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:* cpe:2.3:a:avaya:interactive_response:*:*:*:*:*:*:*:* cpe:2.3:a:avaya:cvlan:*:*:*:*:*:*:*:* |
|
First Time |
Avaya
Avaya messaging Storage Server Avaya message Networking Avaya interactive Response Kernel util-linux Avaya intuity Lx Avaya cvlan Kernel Avaya integrated Management Suit |
|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CWE | CWE-59 |
Information
Published : 2001-12-31 05:00
Updated : 2024-01-26 17:16
NVD link : CVE-2001-1494
Mitre link : CVE-2001-1494
CVE.ORG link : CVE-2001-1494
JSON object : View
Products Affected
kernel
- util-linux
avaya
- message_networking
- messaging_storage_server
- interactive_response
- cvlan
- intuity_lx
- integrated_management_suit
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')