ID CVE-2000-0864 Type cve Reporter NVD Modified 2017-10-09T21:29:20
Description
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
{"id": "CVE-2000-0864", "bulletinFamily": "NVD", "title": "CVE-2000-0864", "description": "Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.", "published": "2000-11-14T00:00:00", "modified": "2017-10-09T21:29:20", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0864", "reporter": "NVD", "references": ["http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html", "http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html", "http://www.debian.org/security/2000/20001008", "https://exchange.xforce.ibmcloud.com/vulnerabilities/5213", "http://www.redhat.com/support/errata/RHSA-2000-077.html", "http://www.securityfocus.com/bid/1659", "http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html", "http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html"], "cvelist": ["CVE-2000-0864"], "type": "cve", "lastseen": "2017-10-10T10:34:38", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:gnome:esound:0.2.19"], "cvelist": ["CVE-2000-0864"], "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.", "edition": 2, "enchantments": {}, "hash": "08eb2ad3bb0c056d3ee89ffd44dfef7f021968ccc4a937821c66f885b1439d19", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "176169cd08b5f8c5c7b13b74a635fd03", "key": "cpe"}, {"hash": "de1712b718be48797984456ccbb1aac8", "key": "published"}, {"hash": "961569c14405f4a7618dfa549b129f1d", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "d7e03ad635329fa056794f5e7444342b", "key": "modified"}, {"hash": "2f2d7fb9566f1f861b71f01bc46dc739", "key": "references"}, {"hash": "3b59d12e484519e07cd197654e5fd0ff", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "7caa2921614797d07a235b1d80b6e836", "key": "description"}, {"hash": "686869d9a6821587f624e9ae1d25439e", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "20b312358ab5f293fffb562d006d88f6", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0864", "id": "CVE-2000-0864", "lastseen": "2017-04-18T15:49:24", "modified": "2017-01-19T21:59:00", "objectVersion": "1.2", "published": "2000-11-14T00:00:00", "references": ["http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html", "http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html", "http://www.debian.org/security/2000/20001008", "http://www.redhat.com/support/errata/RHSA-2000-077.html", "http://www.securityfocus.com/bid/1659", "http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html", "http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2000-0864", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:49:24"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:gnome:esound:0.2.19"], "cvelist": ["CVE-2000-0864"], "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.", "edition": 1, "hash": "9d4d1133c5e954100843a26e6a98cb19fb0350d646c5c7ccb768cf8de5c76759", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "176169cd08b5f8c5c7b13b74a635fd03", "key": "cpe"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "de1712b718be48797984456ccbb1aac8", "key": "published"}, {"hash": "961569c14405f4a7618dfa549b129f1d", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "b4d0416defb7e9bb7e7ce2660235920a", "key": "modified"}, {"hash": "2f2d7fb9566f1f861b71f01bc46dc739", "key": "references"}, {"hash": "3b59d12e484519e07cd197654e5fd0ff", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "686869d9a6821587f624e9ae1d25439e", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "e05185fd367ca1aa3f5e449fdbb4fafa", "key": "description"}, {"hash": "20b312358ab5f293fffb562d006d88f6", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0864", "id": "CVE-2000-0864", "lastseen": "2016-09-03T02:45:33", "modified": "2008-09-10T00:00:00", "objectVersion": "1.2", "published": "2000-11-14T00:00:00", "references": ["http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html", "http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html", "http://www.debian.org/security/2000/20001008", "http://www.redhat.com/support/errata/RHSA-2000-077.html", "http://www.securityfocus.com/bid/1659", "http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html", "http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2000-0864", "type": "cve", "viewCount": 0}, "differentElements": ["description", "modified"], "edition": 1, "lastseen": "2016-09-03T02:45:33"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "176169cd08b5f8c5c7b13b74a635fd03"}, {"key": "cvelist", "hash": "961569c14405f4a7618dfa549b129f1d"}, {"key": "cvss", "hash": "20b312358ab5f293fffb562d006d88f6"}, {"key": "description", "hash": "7caa2921614797d07a235b1d80b6e836"}, {"key": "href", "hash": "686869d9a6821587f624e9ae1d25439e"}, {"key": "modified", "hash": "84a459dc15860108d849708c38878b97"}, {"key": "published", "hash": "de1712b718be48797984456ccbb1aac8"}, {"key": "references", "hash": "7f450a1e8ce56e620527aa04e5e8012b"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "3b59d12e484519e07cd197654e5fd0ff"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c97a33cb5c552a530a5ac8a5a469a91e008e32d541a1bb3e7570dbcd116f27d0", "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2017-10-10T10:34:38"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:gnome:esound:0.2.19"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"nessus": [{"lastseen": "2018-09-01T23:36:18", "references": [], "pluginID": "61841", "description": "A problem exists with the esound daemon, which is used in GNOME and responsible for multiplexing access to audio devices. Versions of esound prior to and including 0.2.19 create a world-writable directory in /tmp called .esd which is owned by the user running esound. This directory is used to store a unix domain socket. The socket is also created world-writable, so a race condition exists in the creation of this socket which allows a local attacker to cause an arbitrary file or directory owned by the user running esound to become world-writable. This update contains a patch from FreeBSD which creates ~/.esd as the temporary directory to use and makes the unix domain socket read and write only to the user.", "edition": 5, "reporter": "Tenable", "published": "2012-09-06T00:00:00", "title": "Mandrake Linux Security Advisory : esound (MDKSA-2000:051)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2000-0864"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:7.0", "p-cpe:/a:mandriva:linux:esound", "p-cpe:/a:mandriva:linux:esound-devel", "cpe:/o:mandrakesoft:mandrake_linux:7.1", "cpe:/o:mandrakesoft:mandrake_linux:6.1", "cpe:/o:mandrakesoft:mandrake_linux:6.0"], "id": "MANDRAKE_MDKSA-2000-051.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61841", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2000:051. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61841);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/19 20:59:12\");\n\n script_cve_id(\"CVE-2000-0864\");\n script_xref(name:\"MDKSA\", value:\"2000:051\");\n\n script_name(english:\"Mandrake Linux Security Advisory : esound (MDKSA-2000:051)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A problem exists with the esound daemon, which is used in GNOME and\nresponsible for multiplexing access to audio devices. Versions of\nesound prior to and including 0.2.19 create a world-writable directory\nin /tmp called .esd which is owned by the user running esound. This\ndirectory is used to store a unix domain socket. The socket is also\ncreated world-writable, so a race condition exists in the creation of\nthis socket which allows a local attacker to cause an arbitrary file\nor directory owned by the user running esound to become\nworld-writable. This update contains a patch from FreeBSD which\ncreates ~/.esd as the temporary directory to use and makes the unix\ndomain socket read and write only to the user.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected esound and / or esound-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:esound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:6.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2000/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK6.0\", cpu:\"i386\", reference:\"esound-0.2.17-3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK6.0\", cpu:\"i386\", reference:\"esound-devel-0.2.17-3mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK6.1\", cpu:\"i386\", reference:\"esound-0.2.17-3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK6.1\", cpu:\"i386\", reference:\"esound-devel-0.2.17-3mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK7.0\", cpu:\"i386\", reference:\"esound-0.2.17-3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.0\", cpu:\"i386\", reference:\"esound-devel-0.2.17-3mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"esound-0.2.17-3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"esound-devel-0.2.17-3mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T13:44:00", "osvdbidlist": ["1547"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "GNOME esound 0.2.19 Unix Domain Socket Race Condition Vulnerability. CVE-2000-0864. Local exploit for unix platform", "reporter": "Kris Kennaway", "published": "2000-08-31T00:00:00", "type": "exploitdb", "title": "GNOME esound 0.2.19 Unix Domain Socket Race Condition Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2000-0864"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2000-08-31T00:00:00", "id": "EDB-ID:20212", "href": "https://www.exploit-db.com/exploits/20212/", "sourceData": "source: http://www.securityfocus.com/bid/1659/info\r\n\r\nEsounD, part of the GNOME desktop environment, is a server process allowing several applications to share the same sound hardware.\r\n\r\nVersions of esound up to and including 0.2.19 create a world-writable directory (/tmp/.esd) which is also used to store a domain socket used by esound. \r\n\r\nThe unix domain socket is also created world-writeable. A race condition exists when this socket is created such that if an attacker creates a symbolic link in the world-writeable /tmp/.esd directory at the right time, the file pointed to by it will be changed to a world-writeable mode. The target file, of course, would have to be owned by the user running ESound. This vulnerability may have to do with a lack of checking return values when binding the address structure to the domain socket before setting permissions on the file, but this is uncomfirmed as are the exact technical details of this vulnerability.\r\n\r\nPatches:\r\n\r\n--- esd.h.orig Thu Jun 29 23:12:53 2000\r\n+++ esd.h Thu Jun 29 23:12:41 2000\r\n@@ -7,8 +7,15 @@\r\n #endif\r\n\r\n /* path and name of the default EsounD domain socket */\r\n+#if 0\r\n #define ESD_UNIX_SOCKET_DIR \"/tmp/.esd\"\r\n #define ESD_UNIX_SOCKET_NAME ESD_UNIX_SOCKET_DIR ## \"/\" ## \"socket\"\r\n+#else\r\n+char *esd_unix_socket_dir(void);\r\n+char *esd_unix_socket_name(void);\r\n+#define ESD_UNIX_SOCKET_DIR esd_unix_socket_dir()\r\n+#define ESD_UNIX_SOCKET_NAME esd_unix_socket_name()\r\n+#endif\r\n \r\n /* length of the audio buffer size */\r\n #define ESD_BUF_SIZE (4 * 1024)\r\n--- esd.c.orig Tue Apr 4 11:20:08 2000\r\n+++ esd.c Thu Jun 29 23:34:18 2000\r\n@@ -219,12 +219,12 @@\r\n { \r\n mkdir(ESD_UNIX_SOCKET_DIR,\r\n S_IRUSR|S_IWUSR|S_IXUSR|\r\n- S_IRGRP|S_IWGRP|S_IXGRP|\r\n- S_IROTH|S_IWOTH|S_IXOTH);\r\n+ S_IRGRP|S_IXGRP|\r\n+ S_IROTH|S_IXOTH);\r\n chmod(ESD_UNIX_SOCKET_DIR,\r\n S_IRUSR|S_IWUSR|S_IXUSR|\r\n- S_IRGRP|S_IWGRP|S_IXGRP|\r\n- S_IROTH|S_IWOTH|S_IXOTH);\r\n+ S_IRGRP|S_IXGRP|\r\n+ S_IROTH|S_IXOTH);\r\n }\r\n if (access(ESD_UNIX_SOCKET_NAME, R_OK | W_OK) == -1)\r\n {\r\n@@ -317,9 +317,9 @@\r\n /* let anyone access esd's socket - but we have authentication so they */\r\n /* wont get far if they dont have the auth key */\r\n chmod(ESD_UNIX_SOCKET_NAME, \r\n- S_IRUSR|S_IWUSR|S_IXUSR|\r\n- S_IRGRP|S_IWGRP|S_IXGRP|\r\n- S_IROTH|S_IWOTH|S_IXOTH);\r\n+ S_IRUSR|S_IWUSR|\r\n+ S_IRGRP|\r\n+ S_IROTH);\r\n }\r\n if (listen(socket_listen,16)<0)\r\n {\r\n\r\n--- esdlib.c.orig Thu Jun 29 23:31:04 2000\r\n+++ esdlib.c Thu Jun 29 23:31:21 2000\r\n@@ -19,6 +19,8 @@\r\n #include <arpa/inet.h>\r\n #include <errno.h>\r\n #include <sys/wait.h>\r\n+#include <pwd.h>\r\n+#include <limits.h>\r\n \r\n #include <sys/un.h>\r\n \r\n@@ -1421,4 +1423,34 @@\r\n */\r\n \r\n return close( esd );\r\n+}\r\n+\r\n+char *\r\n+esd_unix_socket_dir(void) {\r\n+ static char *sockdir = NULL, sockdirbuf[PATH_MAX];\r\n+ struct passwd *pw;\r\n+\r\n+ if (sockdir != NULL)\r\n+ return (sockdir);\r\n+ pw = getpwuid(getuid());\r\n+ if (pw == NULL || pw->pw_dir == NULL) {\r\n+ fprintf(stderr, \"esd: could not find home directory\\n\");\r\n+ exit(1);\r\n+ }\r\n+ snprintf(sockdirbuf, sizeof(sockdirbuf), \"%s/.esd\", pw->pw_dir);\r\n+ endpwent();\r\n+ sockdir = sockdirbuf;\r\n+ return (sockdir);\r\n+}\r\n+\r\n+char *\r\n+esd_unix_socket_name(void) {\r\n+ static char *sockname = NULL, socknamebuf[PATH_MAX];\r\n+\r\n+ if (sockname != NULL)\r\n+ return (sockname);\r\n+ snprintf(socknamebuf, sizeof(socknamebuf), \"%s/socket\",\r\n+ esd_unix_socket_dir());\r\n+ sockname = socknamebuf;\r\n+ return (sockname);\r\n }\r\n\r\nWhile we're there, the build process also uses an insecure tempfile on\r\nnon-FreeBSD platforms. Patch:\r\n\r\n--- ltmain.sh.orig Thu Jun 29 23:41:49 2000\r\n+++ ltmain.sh Thu Jun 29 23:45:36 2000\r\n@@ -3227,7 +3227,7 @@\r\n outputname=\r\n if test \"$fast_install\" = no && test -n \"$relink_command\"; then\r\n if test \"$finalize\" = yes; then\r\n- outputname=\"/tmp/$$-$file\"\r\n+ outputname=$(mktemp \"${TMPDIR:-/tmp}/$file.XXXXXX\") || exit $?\r\n # Replace the output file specification.\r\n relink_command=`$echo \"X$relink_command\" | $Xsed -e 's%@OUTPUT@%'\"$outputname\"'%g'`\r\n ", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/20212/"}], "osvdb": [{"lastseen": "2017-04-28T13:19:56", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nRedHat RHSA: RHSA-2000:077-03\n[CVE-2000-0864](https://vulners.com/cve/CVE-2000-0864)\nBugtraq ID: 1659\n", "reporter": "OSVDB", "published": "2000-09-11T00:00:00", "type": "osvdb", "title": "GNOME esound Symlink Privilege Escalation", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2000-0864"], "modified": "2000-09-11T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:1547", "id": "OSVDB:1547", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
