Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1145

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-2001-1145
Last Modified 10 Sep 2008 03:09:45
Published 17 Aug 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2001-1145

Summary

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.

Vulnerable Systems

Operating System

  • Freebsd 4.3

  • Netbsd 1.5

  • Netbsd 1.5.1

  • Openbsd 2.9


References

OPENBSD - 20010530 029: SECURITY FIX: May 30, 2001

NETBSD - NetBSD-SA2001-016

BID - 3205

OSVDB - 5466

XF - bsd-fts-race-condition(8715)

FREEBSD - FreeBSD-SA-01:40


Last Updated: 27 May 2016 10:36:32