Lucene search

[email protected]CVE-2001-1301

HistoryAug 07, 2001 - 4:00 a.m.

CVE-2001-1301

2001-08-0704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-1301

emacs 20.4

xemacs 21.1.10

symlink attack

temporary files

file modification

7 High

AI Score

Confidence

Low

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.

CPENameOperatorVersion
gnu:emacsgnu emacseq20.4
xemacs:xemacsxemacseq21.1.10

CPE	Name	Operator	Version
gnu:emacs	gnu emacs	eq	20.4
xemacs:xemacs	xemacs	eq	21.1.10

References

archives.neohapsis.com/archives/bugtraq/2001-08/0093.html

savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95

www.iss.net/security_center/static/11210.php

7 High

AI Score

Confidence

Low

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON