ID CVE-2001-0140
Type cve
Reporter cve@mitre.org
Modified 2017-10-10T01:29:00
Description
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
{"id": "CVE-2001-0140", "bulletinFamily": "NVD", "title": "CVE-2001-0140", "description": "arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.", "published": "2001-03-12T05:00:00", "modified": "2017-10-10T01:29:00", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0140", "reporter": "cve@mitre.org", "references": ["http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-002.php3", "http://www.securityfocus.com/bid/2183", "https://exchange.xforce.ibmcloud.com/vulnerabilities/5922", "http://marc.info/?l=bugtraq&m=97916374410647&w=2"], "cvelist": ["CVE-2001-0140"], "type": "cve", "lastseen": "2019-05-29T18:07:37", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "dcee1ac5aa7fc645d31c7de7a466f361"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "7d701e6e045f20f9f9c10971266dc0d0"}, {"key": "cpe23", "hash": "17708d474ca9f5b4848767b8ee457ef0"}, {"key": "cvelist", "hash": "67c4be227c8691ba735e5bdb2f55841e"}, {"key": "cvss", "hash": "89a548ed638a1e0b413c577d958b8c78"}, {"key": "cvss2", "hash": "175e47f5d7d9b35b5bf2d8e5d4b2291f"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "e7b3bf71d01693194c2394329e03ef27"}, {"key": "href", "hash": "12ceb7e78d91fa941b8102d1662c934e"}, {"key": "modified", "hash": "2c52e3b4571b0154b8982c1cb76da83c"}, {"key": "published", "hash": "ba567f73d93181b92d1c3d50ba4b6d91"}, {"key": "references", "hash": "c9151dcc6a33815967d6126910ea4aa0"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "876c705b5ec032b529b896ae3e2c7e6f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f432c4dd02bc65923dc69ca394745d30440649c32937873704680c5072ffd622", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MANDRAKE_MDKSA-2001-002.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:1711"]}], "modified": "2019-05-29T18:07:37"}, "score": {"value": 3.8, "vector": "NONE", "modified": "2019-05-29T18:07:37"}, "vulnersScore": 3.8}, "objectVersion": "1.3", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:7.2", "cpe:/o:mandrakesoft:mandrake_linux:7.0", "cpe:/a:immunix:immunix:7.0_beta", "cpe:/a:mandrakesoft:mandrake_linux:7.2", "cpe:/o:mandrakesoft:mandrake_linux:7.1", "cpe:/a:mandrakesoft:mandrake_linux:7.0", "cpe:/a:redhat:linux:7.0", "cpe:/o:mandrakesoft:mandrake_linux:6.1", "cpe:/a:mandrakesoft:mandrake_linux:7.1", "cpe:/o:redhat:linux:7.0", "cpe:/a:mandrakesoft:mandrake_linux:6.0", "cpe:/o:mandrakesoft:mandrake_linux:6.0", "cpe:/a:mandrakesoft:mandrake_linux:6.1"], "affectedSoftware": [{"name": "mandrakesoft mandrake_linux", "operator": "eq", "version": "7.0"}, {"name": "mandrakesoft mandrake_linux", "operator": "eq", "version": "6.0"}, {"name": "mandrakesoft mandrake_linux", "operator": "eq", "version": "7.2"}, {"name": "mandrakesoft mandrake_linux", "operator": "eq", "version": "7.1"}, {"name": "immunix immunix", "operator": "eq", "version": "7.0_beta"}, {"name": "mandrakesoft mandrake_linux", "operator": "eq", "version": "6.1"}, {"name": "redhat linux", "operator": "eq", "version": "7.0"}], "cvss2": {"cvssV2": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:immunix:immunix:7.0_beta:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:19:56", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 5922\n[CVE-2001-0140](https://vulners.com/cve/CVE-2001-0140)\nBugtraq ID: 2183\n", "modified": "2001-01-10T00:00:00", "published": "2001-01-10T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:1711", "id": "OSVDB:1711", "type": "osvdb", "title": "arpwatch /tmp File Race Condition", "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-11-01T02:54:54", "bulletinFamily": "scanner", "description": "WireX discovered a potential temporary file race condition in the\narpwatch program. This problem has been corrected in arpwatch version\n2.1a10.", "modified": "2019-11-02T00:00:00", "id": "MANDRAKE_MDKSA-2001-002.NASL", "href": "https://www.tenable.com/plugins/nessus/61876", "published": "2012-09-06T00:00:00", "title": "Mandrake Linux Security Advisory : arpwatch (MDKSA-2001:002)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2001:002. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61876);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/08/02 13:32:46\");\n\n script_cve_id(\"CVE-2001-0140\");\n script_xref(name:\"MDKSA\", value:\"2001:002\");\n\n script_name(english:\"Mandrake Linux Security Advisory : arpwatch (MDKSA-2001:002)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"WireX discovered a potential temporary file race condition in the\narpwatch program. This problem has been corrected in arpwatch version\n2.1a10.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected arpwatch package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:arpwatch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:6.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2001/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK6.0\", cpu:\"i386\", reference:\"arpwatch-2.1a10-1.3mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK6.1\", cpu:\"i386\", reference:\"arpwatch-2.1a10-1.3mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK7.0\", cpu:\"i386\", reference:\"arpwatch-2.1a10-1.2mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"arpwatch-2.1a10-1.2mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"arpwatch-2.1a10-1.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N"}}]}
