Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0823

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2001-0823
Last Modified 05 Sep 2008 04:25:00
Published 06 Dec 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0823

Summary

The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).

Vulnerable Systems

Application

  • Sgi Performance Co-pilot 2.1.1

  • Sgi Performance Co-pilot 2.1.10

  • Sgi Performance Co-pilot 2.1.11

  • Sgi Performance Co-pilot 2.1.2

  • Sgi Performance Co-pilot 2.1.3

  • Sgi Performance Co-pilot 2.1.4

  • Sgi Performance Co-pilot 2.1.5

  • Sgi Performance Co-pilot 2.1.6

  • Sgi Performance Co-pilot 2.1.7

  • Sgi Performance Co-pilot 2.1.8

  • Sgi Performance Co-pilot 2.1.9

  • Sgi Performance Co-pilot 2.2


References

XF - irix-pcp-pmpost-symlink(6724)

BID - 2887

BUGTRAQ - 20010619 Re: pmpost - another nice symlink follower

SGI - 20010601-01-A

BUGTRAQ - 20010618 pmpost - another nice symlink follower


Last Updated: 27 May 2016 10:36:24