Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2000-1134

Published: 09/01/2001 Updated: 19/10/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Conectiva

Vulnerability Summary

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

conectiva linux 4.0

conectiva linux 4.0es

immunix immunix 6.2

conectiva linux 4.1

conectiva linux 4.2

conectiva linux 5.0

conectiva linux 5.1

caldera openlinux eserver 2.3

hp hp-ux 11.11

redhat linux 6.0

redhat linux 6.1

caldera openlinux

caldera openlinux edesktop 2.4

mandrakesoft mandrake linux 7.2

redhat linux 5.2

mandrakesoft mandrake linux 6.0

mandrakesoft mandrake linux 6.1

redhat linux 6.2

redhat linux 6.2e

mandrakesoft mandrake linux 7.0

mandrakesoft mandrake linux 7.1

suse suse linux 7.0

Exploits

Exploit DB: UUCP - File Creation/Overwriting Symlinks
/************************************************************** root exploit: multiple subsystem errors allowing root exploit bashackc - Thu Nov 30 21:50:50 NZDT 2000 (redhat 61) /etc/rcd/ and scripts that are trusting the untrustworthy /bin/sh acts silly when u get it to use the &lt;&lt; redirection it creates a mode 666 file with an ea ...
Exploit DB: Apple Mac OSX 10 / HP-UX 9/10/11 / Mandriva 6/7 / RedHat 5/6 / SCO 5 / IRIX 6 - Shell Redirection Race Condition
source: wwwsecurityfocuscom/bid/2006/info bash, tcsh, cash, ksh and sh are all variations of the Unix shell distributed with many Unix and Unix clone operating systems A vulnerability exists in these shells that could allow an attacker to arbitrarily write to files A vulnerability has been discovered in a number of Unix shells which ma ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/2006ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.aschttp://www.securityfocus.com/archive/1/146657http://www.debian.org/security/2000/20001111ahttp://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txthttp://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txthttp://www.redhat.com/support/errata/RHSA-2000-117.htmlhttp://www.redhat.com/support/errata/RHSA-2000-121.htmlhttp://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3http://www.securityfocus.com/bid/1926http://archives.neohapsis.com/archives/tru64/2002-q1/0009.htmlftp://patches.sgi.com/support/free/security/advisories/20011103-02-Phttp://www.kb.cert.org/vuls/id/10277http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.htmlhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000354http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350http://marc.info/?l=bugtraq&m=97561816504170&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4047https://nvd.nist.govhttps://www.exploit-db.com/exploits/217/https://www.kb.cert.org/vuls/id/10277
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook