ID CVE-2000-0864 Type cve Reporter NVD Modified 2017-10-09T21:29:20
Description
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
{"id": "CVE-2000-0864", "bulletinFamily": "NVD", "title": "CVE-2000-0864", "description": "Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.", "published": "2000-11-14T00:00:00", "modified": "2017-10-09T21:29:20", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0864", "reporter": "NVD", "references": ["http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html", "http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html", "http://www.debian.org/security/2000/20001008", "https://exchange.xforce.ibmcloud.com/vulnerabilities/5213", "http://www.redhat.com/support/errata/RHSA-2000-077.html", "http://www.securityfocus.com/bid/1659", "http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html", "http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html"], "cvelist": ["CVE-2000-0864"], "type": "cve", "lastseen": "2017-10-10T10:34:38", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:gnome:esound:0.2.19"], "cvelist": ["CVE-2000-0864"], "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.", "edition": 2, "enchantments": {}, "hash": "08eb2ad3bb0c056d3ee89ffd44dfef7f021968ccc4a937821c66f885b1439d19", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "176169cd08b5f8c5c7b13b74a635fd03", "key": "cpe"}, {"hash": "de1712b718be48797984456ccbb1aac8", "key": "published"}, {"hash": "961569c14405f4a7618dfa549b129f1d", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "d7e03ad635329fa056794f5e7444342b", "key": "modified"}, {"hash": "2f2d7fb9566f1f861b71f01bc46dc739", "key": "references"}, {"hash": "3b59d12e484519e07cd197654e5fd0ff", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "7caa2921614797d07a235b1d80b6e836", "key": "description"}, {"hash": "686869d9a6821587f624e9ae1d25439e", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "20b312358ab5f293fffb562d006d88f6", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0864", "id": "CVE-2000-0864", "lastseen": "2017-04-18T15:49:24", "modified": "2017-01-19T21:59:00", "objectVersion": "1.2", "published": "2000-11-14T00:00:00", "references": ["http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html", "http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html", "http://www.debian.org/security/2000/20001008", "http://www.redhat.com/support/errata/RHSA-2000-077.html", "http://www.securityfocus.com/bid/1659", "http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html", "http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2000-0864", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:49:24"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:gnome:esound:0.2.19"], "cvelist": ["CVE-2000-0864"], "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.", "edition": 1, "hash": "9d4d1133c5e954100843a26e6a98cb19fb0350d646c5c7ccb768cf8de5c76759", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "176169cd08b5f8c5c7b13b74a635fd03", "key": "cpe"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "de1712b718be48797984456ccbb1aac8", "key": "published"}, {"hash": "961569c14405f4a7618dfa549b129f1d", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "b4d0416defb7e9bb7e7ce2660235920a", "key": "modified"}, {"hash": "2f2d7fb9566f1f861b71f01bc46dc739", "key": "references"}, {"hash": "3b59d12e484519e07cd197654e5fd0ff", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "686869d9a6821587f624e9ae1d25439e", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "e05185fd367ca1aa3f5e449fdbb4fafa", "key": "description"}, {"hash": "20b312358ab5f293fffb562d006d88f6", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0864", "id": "CVE-2000-0864", "lastseen": "2016-09-03T02:45:33", "modified": "2008-09-10T00:00:00", "objectVersion": "1.2", "published": "2000-11-14T00:00:00", "references": ["http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html", "http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html", "http://www.debian.org/security/2000/20001008", "http://www.redhat.com/support/errata/RHSA-2000-077.html", "http://www.securityfocus.com/bid/1659", "http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html", "http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2000-0864", "type": "cve", "viewCount": 0}, "differentElements": ["description", "modified"], "edition": 1, "lastseen": "2016-09-03T02:45:33"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "176169cd08b5f8c5c7b13b74a635fd03"}, {"key": "cvelist", "hash": "961569c14405f4a7618dfa549b129f1d"}, {"key": "cvss", "hash": "20b312358ab5f293fffb562d006d88f6"}, {"key": "description", "hash": "7caa2921614797d07a235b1d80b6e836"}, {"key": "href", "hash": "686869d9a6821587f624e9ae1d25439e"}, {"key": "modified", "hash": "84a459dc15860108d849708c38878b97"}, {"key": "published", "hash": "de1712b718be48797984456ccbb1aac8"}, {"key": "references", "hash": "7f450a1e8ce56e620527aa04e5e8012b"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "3b59d12e484519e07cd197654e5fd0ff"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c97a33cb5c552a530a5ac8a5a469a91e008e32d541a1bb3e7570dbcd116f27d0", "viewCount": 0, "enchantments": {"vulnersScore": 7.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:gnome:esound:0.2.19"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"nessus": [{"id": "MANDRAKE_MDKSA-2000-051.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : esound (MDKSA-2000:051)", "description": "A problem exists with the esound daemon, which is used in GNOME and responsible for multiplexing access to audio devices. Versions of esound prior to and including 0.2.19 create a world-writable directory in /tmp called .esd which is owned by the user running esound. This directory is used to store a unix domain socket. The socket is also created world-writable, so a race condition exists in the creation of this socket which allows a local attacker to cause an arbitrary file or directory owned by the user running esound to become world-writable. This update contains a patch from FreeBSD which creates ~/.esd as the temporary directory to use and makes the unix domain socket read and write only to the user.", "published": "2012-09-06T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=61841", "cvelist": ["CVE-2000-0864"], "lastseen": "2017-10-29T13:34:53"}], "exploitdb": [{"id": "EDB-ID:20212", "type": "exploitdb", "title": "GNOME esound 0.2.19 Unix Domain Socket Race Condition Vulnerability", "description": "GNOME esound 0.2.19 Unix Domain Socket Race Condition Vulnerability. CVE-2000-0864. Local exploit for unix platform", "published": "2000-08-31T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/20212/", "cvelist": ["CVE-2000-0864"], "lastseen": "2016-02-02T13:44:00"}], "osvdb": [{"id": "OSVDB:1547", "type": "osvdb", "title": "GNOME esound Symlink Privilege Escalation", "description": "# No description provided by the source\n\n## References:\nRedHat RHSA: RHSA-2000:077-03\n[CVE-2000-0864](https://vulners.com/cve/CVE-2000-0864)\nBugtraq ID: 1659\n", "published": "2000-09-11T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:1547", "cvelist": ["CVE-2000-0864"], "lastseen": "2017-04-28T13:19:56"}]}}
