6.5 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
24.7%
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named ‘cookies’ via a symlink attack.
CPE | Name | Operator | Version |
---|---|---|---|
openbsd:openssh | openbsd openssh | le | 2.9 |
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc
archives.neohapsis.com/archives/bugtraq/2001-05/0322.html
archives.neohapsis.com/archives/bugtraq/2001-06/0007.html
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
online.securityfocus.com/archive/1/188737
www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt
www.kb.cert.org/vuls/id/655259
www.openbsd.org/errata29.html
www.osvdb.org/1853
www.securityfocus.com/bid/2825
exchange.xforce.ibmcloud.com/vulnerabilities/6676