| ID |
CVE-2000-1137
|
| Summary |
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:gnu:ed:2.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:ed:2.15:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:ed:2.16tr:*:*:*:*:*:*:*
cpe:2.3:a:gnu:ed:2.16tr:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:ed:2.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:ed:2.18:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:ed:2.18.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:ed:2.18.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 4.6 (as of 03-05-2018 - 01:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| redhat
via4
|
|
| refmap
via4
|
| bugtraq | 20001211 Immunix OS Security update for ed | | conectiva | CLA-2000:359-2 | | debian | 20001129 DSA-001-1 ed: symlink attack | | mandrake | MDKSA-2000:076 | | osvdb | 6491 | | xf | gnu-ed-symlink(5723) |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2007-03-14 | | organization | Red Hat | | statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
|
| Last major update |
03-05-2018 - 01:29 |
| Published |
09-01-2001 - 05:00 |
| Last modified |
03-05-2018 - 01:29 |
