ID CVE-2001-0736
Summary Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users to overwrite arbitrary files via a symlink attack.
References
Vulnerable Configurations
  • cpe:2.3:a:immunix:immunix:6.2
  • cpe:2.3:a:immunix:immunix:7.0
  • cpe:2.3:a:immunix:immunix:7.0_beta
  • cpe:2.3:a:university_of_washington:pine:4.33
  • Engarde Secure Linux 1.0.1
    cpe:2.3:o:engardelinux:secure_linux:1.0.1
  • MandrakeSoft Mandrake Linux 7.1
    cpe:2.3:o:mandrakesoft:mandrake_linux:7.1
  • MandrakeSoft Mandrake Linux 7.2
    cpe:2.3:o:mandrakesoft:mandrake_linux:7.2
  • MandrakeSoft Mandrake Linux 8.0
    cpe:2.3:o:mandrakesoft:mandrake_linux:8.0
  • MandrakeSoft Mandrake Linux Corporate Server 1.0.1
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1
  • Red Hat Linux 5.2
    cpe:2.3:o:redhat:linux:5.2
  • Red Hat Linux 6.2
    cpe:2.3:o:redhat:linux:6.2
  • Red Hat Linux 7.0
    cpe:2.3:o:redhat:linux:7.0
CVSS
Base: 2.1 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: LOCAL
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
exploit-db via4
description University of Washington Pico 3.x/4.x File Overwrite Vulnerability. CVE-2001-0736. Local exploit for linux platform
id EDB-ID:20493
last seen 2016-02-02
modified 2000-12-11
published 2000-12-11
reporter mat
source https://www.exploit-db.com/download/20493/
title University of Washington Pico 3.x/4.x File Overwrite Vulnerability
nessus via4
NASL family Mandriva Local Security Checks
NASL id MANDRAKE_MDKSA-2001-047.NASL
description Versions of the Pine email client prior to 4.33 have various temporary file creation problems, as does the pico editor. These issues allow any user with local system access to cause any files owned by any other user, including root, to potentially be overwritten if the conditions were right. Update: The packages for 7.1 and Corporate Server did not properly update the menu entries. These updated packages update the menu entries.
last seen 2019-02-21
modified 2018-07-19
plugin id 13866
published 2004-07-31
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=13866
title Mandrake Linux Security Advisory : pine (MDKSA-2001:047-1)
redhat via4
advisories
rhsa
id RHSA-2001:042
refmap via4
bugtraq
  • 20010416 Immunix OS Security update for pine
  • 20010527 [ESA-20010509-01] pine temporary file handling vulnerabilities
mandrake MDKSA-2001:047
xf pine-tmp-file-symlink(6367)
Last major update 17-10-2016 - 22:11
Published 18-10-2001 - 00:00
Last modified 18-12-2017 - 21:29