CVE-2002-0162 - LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatc

CVE-2002-0162

Summary

LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory.

References

Vulnerable Configurations

cpe:2.3:a:logwatch:logwatch:*:*:*:*:*:*:*:*
cpe:2.3:a:logwatch:logwatch:*:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:H/Au:N/C:C/I:C/A:C

redhat via4

advisories

refmap via4

bid	4374
bugtraq	20020327 Root compromise through LogWatch 2.1.1
confirm	http://list.kaybee.org/archives/logwatch-announce/2002-March/000002.html
vuln-dev	20020327 Root compromise through LogWatch 2.1.1
xf	logwatch-tmp-race-condition(8652)

Last major update

18-10-2016 - 02:16

Published

27-03-2002 - 05:00

Last modified

18-10-2016 - 02:16