CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
0.4%
KApplication-class, a class used to create KDE applications, creates configuration files without checking for proper ownership or prior existence.
KApplication-class, a class used to create KDE applications, creates configuration files. These files are created in a local directory and named predictably based on the KDE application name. The CREAT call does not check for prior existence or proper ownership.
Using a symlink attack, an attacker my cause corruption of any file writable by the user of the application. If the application is setuid root, an attacker may cause corruption of any file in the system.
Contact vendor for patches.
The system administrator could create configuration files for common applications, appropriately named and protected, to forestall the symlink attack, but this would not be a robust fix and may need to be reapplied frequently.
32448
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: June 05, 2000 Updated: May 29, 2001
Affected
<http://www.linuxsecurity.com/advisories/redhat_advisory-470.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%2332448 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
The initial report of this vulnerability was made by Sebastian Krahmer.
This document was last modified by Tim Shimeall.
CVE IDs: | CVE-2000-0530 |
---|---|
Severity Metric: | 3.79 Date Public: |