Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.2
CVSSv2

CVE-2002-0658

Published: 12/08/2002 Updated: 04/09/2013
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
VMScore: 625
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

OSSP mm library (libmm) prior to 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.

Vulnerable Product Search on Vulmon Subscribe to Product

ossp mm 1.0.0

ossp mm 1.0.1

ossp mm 1.0.5

ossp mm 1.0.6

ossp mm 1.0.12

ossp mm 1.0.2

ossp mm 1.0.9

ossp mm 1.1.0

ossp mm 1.0.3

ossp mm 1.0.4

ossp mm 1.1.1

ossp mm 1.1.2

ossp mm 1.1.3

ossp mm 1.0.10

ossp mm 1.0.11

ossp mm 1.0.7

ossp mm 1.0.8

Vendor Advisories

Debian Security Advisories: DSA-137-1 mm -- insecure temporary files
Marcus Meissner and Sebastian Krahmer discovered and fixed a temporary file vulnerability in the mm shared memory library This problem can be exploited to gain root access to a machine running Apache which is linked against this library, if shell access to the user “www-data” is already available (which could easily be triggered through PHP) ...

Exploits

Exploit DB: MM 1.0.x/1.1.x - Shared Memory Library Temporary File Privilege Escalation
source: wwwsecurityfocuscom/bid/5352/info The MM Shared Memory library is reported to be prone to a race condition with regards to temporary files which may enable a local attacker to gain elevated privileges This issue may reportedly be exploited by an attacker with shell access as the Apache webserver user to gain root privileges on a ...

References

NVD-CWE-Otherhttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.phphttp://rhn.redhat.com/errata/RHSA-2002-153.htmlhttp://rhn.redhat.com/errata/RHSA-2002-154.htmlhttp://rhn.redhat.com/errata/RHSA-2002-156.htmlhttp://www.redhat.com/support/errata/RHSA-2002-163.htmlhttp://rhn.redhat.com/errata/RHSA-2002-164.htmlhttp://www.redhat.com/support/errata/RHSA-2003-158.htmlftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-032.0.txthttp://www.debian.org/security/2002/dsa-137http://online.securityfocus.com/advisories/4392http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.htmlhttp://www.iss.net/security_center/static/9719.phphttp://www.securityfocus.com/bid/5352ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.aschttps://nvd.nist.govhttps://www.debian.org/security/./dsa-137https://www.exploit-db.com/exploits/21667/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30043cameraCVE-2023-40404CVE-2024-2793client sideCVE-2024-4469CVE-2024-3565CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook