CVE-2002-0211 - Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a wo

CVE-2002-0211

Summary

Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.

References

Vulnerable Configurations

cpe:2.3:a:tarantella:tarantella_enterprise:3.3.10:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.10:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.11:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.11:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.20:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.20:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.0:*:*:*:*:*:*:*

CVSS

Base:	6.2 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bid	3966
bugtraq	20020126 Vulnerability report for Tarantella Enterprise 3. 20020404 Exploit for Tarantella Enterprise 3 installation (BID 3966)
confirm	http://www.tarantella.com/security/bulletin-04.html
xf	tarantella-gunzip-tmp-race(7996)

Last major update

14-02-2024 - 01:17

Published

16-05-2002 - 04:00

Last modified

14-02-2024 - 01:17