Published: 04/10/2002 Updated: 18/10/2016

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dan mueth scrollkeeper 0.3.5
dan mueth scrollkeeper 0.3.6
dan mueth scrollkeeper 0.3.10
dan mueth scrollkeeper 0.3.11
dan mueth scrollkeeper 0.3.9
dan mueth scrollkeeper 0.3.3
dan mueth scrollkeeper 0.3.4
dan mueth scrollkeeper 0.3
dan mueth scrollkeeper 0.3.1
dan mueth scrollkeeper 0.3.7
dan mueth scrollkeeper 0.3.8

Spybreak discovered a problem in scrollkeeper, a free electronic cataloging system for documentation The scrollkeeper-get-cl program creates temporary files in an insecure manner in /tmp using guessable filenames Since scrollkeeper is called automatically when a user logs into a Gnome session, an attacker with local access can easily create and o ...

NVD-CWE-Other http://www.redhat.com/support/errata/RHSA-2002-186.html http://www.debian.org/security/2002/dsa-160 http://www.iss.net/security_center/static/10002.php http://www.securityfocus.com/bid/5602 http://marc.info/?l=bugtraq&m=103098575826031&w=2 http://marc.info/?l=bugtraq&m=103115387102294&w=2 https://nvd.nist.gov https://www.debian.org/security/./dsa-160

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2002-0662

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect