Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1494

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2001-1494
Last Modified 21 Aug 2010 12:09:05
Published 31 Dec 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1494

Summary

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

Vulnerable Systems

Application

  • Andries Brouwer Util-linux 2.11m


References

XF - util-linux-script-hardlink(7718)

REDHAT - RHSA-2005:782

BUGTRAQ - 20011212 Silly 'script' hardlink bug

BUGTRAQ - 20011213 Silly 'script' hardlink bug - fixed

BID - 16280

MISC - http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm

SECUNIA - 18502

SECUNIA - 16785


Last Updated: 27 May 2016 10:36:41