Lucene search

MitreCVE-2001-1145

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2001-1145

2003-04-0205:00:00

mitre

web.nvd.nist.gov

freebsd

netbsd

openbsd

fts routines

security vulnerability

cve-2001-1145

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

25.1%

JSON

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.

Affected configurations

Nvd

Node

freebsdfreebsdMatch4.3

netbsdnetbsdMatch1.5

netbsdnetbsdMatch1.5.1

openbsdopenbsdRange≤2.9

VendorProductVersionCPE
freebsdfreebsd4.3cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*
netbsdnetbsd1.5cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
netbsdnetbsd1.5.1cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
openbsdopenbsd*cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
freebsd	freebsd	4.3	cpe:2.3:o:freebsd:freebsd:4.3:::::::*
netbsd	netbsd	1.5	cpe:2.3:o:netbsd:netbsd:1.5:::::::*
netbsd	netbsd	1.5.1	cpe:2.3:o:netbsd:netbsd:1.5.1:::::::*
openbsd	openbsd	*	cpe:2.3:o:openbsd:openbsd::::::::

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc

archives.neohapsis.com/archives/netbsd/2001-q3/0204.html

www.iss.net/security_center/static/8715.php

www.openbsd.org/errata28.html

www.osvdb.org/5466

www.securityfocus.com/bid/3205

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

25.1%

JSON

Related for CVE-2001-1145