1. CVE-Search
  2. CVE-2000-1134
ID CVE-2000-1134
Summary Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
References
Vulnerable Configurations
  • cpe:2.3:a:immunix:immunix:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:immunix:immunix:6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:4.0es:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:4.0es:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:4.1:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:4.2:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:5.1:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:caldera:openlinux:*:*:*:*:*:*:*:*
    cpe:2.3:o:caldera:openlinux:*:*:*:*:*:*:*:*
  • cpe:2.3:o:caldera:openlinux_edesktop:2.4:*:*:*:*:*:*:*
    cpe:2.3:o:caldera:openlinux_edesktop:2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:caldera:openlinux_eserver:2.3:*:*:*:*:*:*:*
    cpe:2.3:o:caldera:openlinux_eserver:2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:5.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:linux:5.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.2e:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.2e:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2006-09-27T12:29:23.796-04:00
class vulnerability
contributors
  • name Brian Soby
    organization The MITRE Corporation
  • name Matthew Wojcik
    organization The MITRE Corporation
  • name Matthew Wojcik
    organization The MITRE Corporation
description redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
family unix
id oval:org.mitre.oval:def:4047
status accepted
submitted 2005-01-19T12:00:00.000-04:00
title Shell Redirect Symlink Attack Vulnerability
version 36
redhat via4
advisories
  • rhsa
    id RHSA-2000:117
  • rhsa
    id RHSA-2000:121
refmap via4
bid
  • 1926
  • 2006
bugtraq
  • 20001028 tcsh: unsafe tempfile in << redirects
  • 20001128 /bin/sh creates insecure tmp files
  • 20001130 [ADV/EXP]: RH6.x root from bash /tmp vuln + MORE
caldera
  • CSSA-2000-042.0
  • CSSA-2000-043.0
cert-vn VU#10277
compaq SSRT1-41U
conectiva
  • CLA-2000:350
  • CLSA-2000:354
debian 20001111a
freebsd FreeBSD-SA-00:76
mandrake
  • MDKSA-2000-069
  • MDKSA-2000:075
sgi 20011103-02-P
Last major update 19-10-2017 - 01:29
Published 09-01-2001 - 05:00
Last modified 19-10-2017 - 01:29
Back to Top