Lucene search

[email protected]CVE-2000-0494

HistoryOct 13, 2000 - 4:00 a.m.

CVE-2000-0494

2000-10-1304:00:00

[email protected]

web.nvd.nist.gov

cve-2000-0494

veritas volume manager

command injection

.server_pids

vmsa_server

local user access

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script.

Affected configurations

NVD

Node

symantec_veritasvolume_managerMatch3.0.2

symantec_veritasvolume_managerMatch3.0.3

symantec_veritasvolume_managerMatch3.0.4

CPENameOperatorVersion
symantec_veritas:volume_managersymantec veritas volume managereq3.0.2
symantec_veritas:volume_managersymantec veritas volume managereq3.0.3
symantec_veritas:volume_managersymantec veritas volume managereq3.0.4

CPE	Name	Operator	Version
symantec_veritas:volume_manager	symantec veritas volume manager	eq	3.0.2
symantec_veritas:volume_manager	symantec veritas volume manager	eq	3.0.3
symantec_veritas:volume_manager	symantec veritas volume manager	eq	3.0.4

References

archives.neohapsis.com/archives/bugtraq/2000-06/0151.html

seer.support.veritas.com/tnotes/volumeman/230053.htm

www.securityfocus.com/bid/1356

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2000-0494

cvelist1 nvd1