Lucene search

[email protected]CVE-2001-0774

HistoryMar 09, 2002 - 5:00 a.m.

CVE-2001-0774

2002-03-0905:00:00

[email protected]

web.nvd.nist.gov

cve-2001-0774

tripwire

overwrite files

privilege escalation

symbolic link attack

temporary files

nvd.

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.7%

JSON

Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files.

Affected configurations

NVD

Node

tripwiretripwireMatch1.3.1

tripwiretripwireMatch2.2.1

tripwiretripwireMatch2.3.0

CPENameOperatorVersion
tripwire:tripwiretripwireeq1.3.1
tripwire:tripwiretripwireeq2.2.1
tripwire:tripwiretripwireeq2.3.0

CPE	Name	Operator	Version
tripwire:tripwire	tripwire	eq	1.3.1
tripwire:tripwire	tripwire	eq	2.2.1
tripwire:tripwire	tripwire	eq	2.3.0

References

www.kb.cert.org/vuls/id/349019

www.linux-mandrake.com/en/security/2001/MDKSA-2001-064.php3

www.osvdb.org/1895

www.securityfocus.com/archive/1/195617

www.securityfocus.com/bid/3003

exchange.xforce.ibmcloud.com/vulnerabilities/6820

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.7%

JSON

Related for CVE-2001-0774

nvd1 nessus1 cert1 cvelist1