Lucene search

[email protected]CVE-2001-0529

HistoryAug 14, 2001 - 4:00 a.m.

CVE-2001-0529

2001-08-1404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

openssh

x forwarding

symlink attack

cve-2001-0529

file deletion

vulnerability

6.5 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.7%

JSON

OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named ‘cookies’ via a symlink attack.

CPENameOperatorVersion
openbsd:opensshopenbsd opensshle2.9

CPE	Name	Operator	Version
openbsd:openssh	openbsd openssh	le	2.9

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc

archives.neohapsis.com/archives/bugtraq/2001-05/0322.html

archives.neohapsis.com/archives/bugtraq/2001-06/0007.html

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431

download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01

online.securityfocus.com/archive/1/188737

www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt

www.kb.cert.org/vuls/id/655259

www.openbsd.org/errata29.html

www.osvdb.org/1853

www.securityfocus.com/bid/2825

exchange.xforce.ibmcloud.com/vulnerabilities/6676

6.5 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.7%

JSON

Related for CVE-2001-0529

nessus2 cert1 openvas1