Lucene search

MitreCVE-2001-0139

HistoryMay 07, 2001 - 4:00 a.m.

CVE-2001-0139

2001-05-0704:00:00

mitre

web.nvd.nist.gov

cve-2001-0139

inn

2.2.3

local users

symlink attack

arbitrary files

overwrite

nvd

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

5.1%

JSON

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Affected configurations

Nvd

Node

calderaopenlinux_desktopMatch2.3

immuniximmunixMatch7.0_beta

Node

calderaopenlinux_edesktopMatch2.4

calderaopenlinux_eserverMatch2.3

debiandebian_linuxMatch2.2

debiandebian_linuxMatch2.268k

debiandebian_linuxMatch2.2alpha

debiandebian_linuxMatch2.2arm

debiandebian_linuxMatch2.2sparc

mandrakesoftmandrake_linuxMatch6.0

mandrakesoftmandrake_linuxMatch6.1

mandrakesoftmandrake_linuxMatch7.0

mandrakesoftmandrake_linuxMatch7.1

mandrakesoftmandrake_linuxMatch7.2

redhatlinuxMatch7.0

VendorProductVersionCPE
calderaopenlinux_desktop2.3cpe:2.3:a:caldera:openlinux_desktop:2.3:*:*:*:*:*:*:*
immuniximmunix7.0_betacpe:2.3:a:immunix:immunix:7.0_beta:*:*:*:*:*:*:*
calderaopenlinux_edesktop2.4cpe:2.3:o:caldera:openlinux_edesktop:2.4:*:*:*:*:*:*:*
calderaopenlinux_eserver2.3cpe:2.3:o:caldera:openlinux_eserver:2.3:*:*:*:*:*:*:*
debiandebian_linux2.2cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*
debiandebian_linux2.2cpe:2.3:o:debian:debian_linux:2.2:*:68k:*:*:*:*:*
debiandebian_linux2.2cpe:2.3:o:debian:debian_linux:2.2:*:alpha:*:*:*:*:*
debiandebian_linux2.2cpe:2.3:o:debian:debian_linux:2.2:*:arm:*:*:*:*:*
debiandebian_linux2.2cpe:2.3:o:debian:debian_linux:2.2:*:sparc:*:*:*:*:*
mandrakesoftmandrake_linux6.0cpe:2.3:o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
caldera	openlinux_desktop	2.3	cpe:2.3:a:caldera:openlinux_desktop:2.3:::::::*
immunix	immunix	7.0_beta	cpe:2.3:a:immunix:immunix:7.0_beta:::::::*
caldera	openlinux_edesktop	2.4	cpe:2.3:o:caldera:openlinux_edesktop:2.4:::::::*
caldera	openlinux_eserver	2.3	cpe:2.3:o:caldera:openlinux_eserver:2.3:::::::*
debian	debian_linux	2.2	cpe:2.3:o:debian:debian_linux:2.2:::::::*
debian	debian_linux	2.2	cpe:2.3:o:debian:debian_linux:2.2::68k:::::
debian	debian_linux	2.2	cpe:2.3:o:debian:debian_linux:2.2::alpha:::::
debian	debian_linux	2.2	cpe:2.3:o:debian:debian_linux:2.2::arm:::::
debian	debian_linux	2.2	cpe:2.3:o:debian:debian_linux:2.2::sparc:::::
mandrakesoft	mandrake_linux	6.0	cpe:2.3:o:mandrakesoft:mandrake_linux:6.0:::::::*

Rows per page:

1-10 of 151

References

marc.info/?l=bugtraq&m=97916374410647&w=2

www.calderasystems.com/support/security/advisories/CSSA-2001-001.0.txt

www.linux-mandrake.com/en/security/2001/MDKSA-2001-010.php3

www.securityfocus.com/bid/2190

exchange.xforce.ibmcloud.com/vulnerabilities/5916

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2001-0139