Lucene search

[email protected]CVE-2002-0824

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0824

2003-04-0205:00:00

CWE-59

[email protected]

web.nvd.nist.gov

bsd

pppd

vulnerability

local users

file permissions

symlink attack

tty device

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.

Affected configurations

NVD

Node

freebsdpoint-to-point_protocol_daemonMatch-

CPENameOperatorVersion
freebsd:point-to-point_protocol_daemonfreebsd point-to-point protocol daemoneq-

CPE	Name	Operator	Version
freebsd:point-to-point_protocol_daemon	freebsd point-to-point protocol daemon	eq	-

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc

marc.info/?l=bugtraq&m=102812546815606&w=2

www.iss.net/security_center/static/9738.php

www.openbsd.org/errata31.html

www.securityfocus.com/bid/5355

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2002-0824

cvelist2 nvd2 cve1