Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0211

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-2002-0211
Last Modified 10 Sep 2008 08:00:43
Published 16 May 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2002-0211

Summary

Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.

Vulnerable Systems

Application

  • Tarantella Enterprise 3.3.0

  • Tarantella Enterprise 3.3.0.1

  • Tarantella Enterprise 3.3.10

  • Tarantella Enterprise 3.3.11

  • Tarantella Enterprise 3.3.20


References

CONFIRM - http://www.tarantella.com/security/bulletin-04.html

XF - tarantella-gunzip-tmp-race(7996)

BUGTRAQ - 20020404 Exploit for Tarantella Enterprise 3 installation (BID 3966)

BUGTRAQ - 20020126 Vulnerability report for Tarantella Enterprise 3.

BID - 3966


Last Updated: 27 May 2016 10:36:50