CVE-2001-0556 - The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files

CVE-2001-0556

Summary

The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.

References

http://www.debian.org/security/2001/dsa-053
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-042.php3
http://www.nedit.org/archives/develop/2001-Feb/0391.html
http://www.novell.com/linux/security/advisories/2001_014_nedit.html
http://www.redhat.com/support/errata/RHSA-2001-061.html
http://www.securityfocus.com/archive/1/180237
http://www.securityfocus.com/bid/2667

Vulnerable Configurations

cpe:2.3:a:nedit:nedit:*:*:*:*:*:*:*:*
cpe:2.3:a:nedit:nedit:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 10-09-2008 - 19:08)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

redhat via4

advisories

rhsa

id	RHSA-2001:061

refmap via4

bid	2667
bugtraq	20010428 More nedit problems ? (was Re: PROGENY-SA-2001-10...)
confirm	http://www.nedit.org/archives/develop/2001-Feb/0391.html
debian	DSA-053
mandrake	MDKSA-2001:042
suse	SuSE-SA:2001:14

Last major update

10-09-2008 - 19:08

Published

22-08-2001 - 04:00

Last modified

10-09-2008 - 19:08