Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0973

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2001-0973
Last Modified 05 Sep 2008 04:25:22
Published 31 Aug 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0973

Summary

BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.

Vulnerable Systems

Application

  • Fraunhofer Fit Bscw 3.3

  • Fraunhofer Fit Bscw 3.3.1

  • Fraunhofer Fit Bscw 3.4.1

  • Fraunhofer Fit Bscw 3.4.3

  • Fraunhofer Fit Bscw 4.0.1 Beta

  • Fraunhofer Fit Bscw 4.0.2 Beta


References

CERT-VN - VU#465971

CONFIRM - http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txt

BUGTRAQ - 20010822 BSCW symlink vulnerability

BID - 3227

XF - bscw-extracted-file-symlink(7029)


Last Updated: 27 May 2016 10:36:28