Lucene search

[email protected]CVE-2001-0409

HistorySep 18, 2001 - 4:00 a.m.

CVE-2001-0409

2001-09-1804:00:00

[email protected]

web.nvd.nist.gov

cve

information security

gvim

symlink attack

local users

file modification

world writable directory

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

0.4%

JSON

vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.

Affected configurations

NVD

Node

vim_development_groupvimMatch5.7

VendorProductVersionCPE
vim_development_groupvim5.7cpe:/a:vim_development_group:vim:5.7:::

Vendor	Product	Version	CPE
vim_development_group	vim	5.7	cpe:/a:vim_development_group:vim:5.7:::

References

www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt

www.novell.com/linux/security/advisories/2001_012_vim.html

exchange.xforce.ibmcloud.com/vulnerabilities/6628

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

0.4%

JSON

Related for CVE-2001-0409

cvelist1 nvd1 suse1