Lucene search

[email protected]CVE-2002-0435

HistoryJul 26, 2002 - 4:00 a.m.

CVE-2002-0435

2002-07-2604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

gnu file utilities

cve-2002-0435

race condition

directory deletion

unauthorized access

6.3 Medium

AI Score

Confidence

Low

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a “…” directory that is higher than expected, possibly up to the root file system.

CPENameOperatorVersion
gnu:fileutilsgnu fileutilseq4.0
gnu:fileutilsgnu fileutilseq4.1
gnu:fileutilsgnu fileutilseq4.1.6

CPE	Name	Operator	Version
gnu:fileutils	gnu fileutils	eq	4.0
gnu:fileutils	gnu fileutils	eq	4.1
gnu:fileutils	gnu fileutils	eq	4.1.6

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt

mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html

www.iss.net/security_center/static/8432.php

www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php

www.redhat.com/support/errata/RHSA-2003-015.html

www.redhat.com/support/errata/RHSA-2003-016.html

www.securityfocus.com/archive/1/260936

www.securityfocus.com/bid/4266

6.3 Medium

AI Score

Confidence

Low

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2002-0435

redhat1 nessus2 ubuntucve1 securityvulns1 cve1 prion1