6764 matches found
CVE-2001-0120
CVE-2001-0120 relates to the shadow-utils package, specifically the useradd component. The vulnerability arises from insecure temporary file handling: useradd creates temporary files in /etc/default with predictable names. If /etc/default is world-writable, an attacker could perform a symbolic-li...
CVE-2001-0125
CVE-2001-0125 affects exmh 2.2 and earlier, where insecure handling of temporary files in /tmp (e.g., exmhErrorMsg) allows local users to overwrite files via a symlink attack. Connected advisories confirm the issue and note that newer versions (e.g., exmh 2.3.1+) fix the vulnerability by switchin...
CVE-2001-0118
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack...
CVE-2001-0036
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file...
CVE-2001-0169
CVE-2001-0169 : The GNU C Library (glibc) fails to verify that libraries loaded via LD_PRELOAD into SUID/SGID processes are also non-SUID/non-SGID when they come from /etc/ld.so.cache, enabling a local user to pre-load a library from /lib or /usr/lib and overwrite privileged files. Documented in ...
CVE-2001-0142
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations...
CVE-2001-0138
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack...
CVE-2001-0116
The CVE concerns gpm 1.19.3 where a race condition allows a local user to exploit predictable /tmp filenames and symlink targets to overwrite/modify files the privileged gpm process uses. This is described in CERT/CC and Mandrake advisories, which note a temporary-file handling flaw; the impact i...
CVE-2001-0141
CVE-2001-0141 affects mgetty: multiple sources confirm insecure temporary-file handling that allows local users to overwrite arbitrary files via a symlink attack in certain configurations. Vulnerable until versions before 1.1.24 (Mandrake/MDKSA-2001:009; Debian DSA-011-2 notes patch in 1.1.21-3po...
CVE-2000-0890
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack...
CVE-2001-0116
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack...
CVE-2001-0059
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack...
CVE-2001-0140
arpwatch 2.1a4 is vulnerable to a local symlink attack that can allow a local user to overwrite arbitrary files in certain configurations. The connected Mandrake advisory MDKSA-2001:002 notes a temporary file race condition and indicates the fix is included in arpwatch version 2.1a10. Affected pr...
CVE-2001-0105
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group...
CVE-2001-0125
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file...
CVE-2001-0142
CVE-2001-0142 affects squid 2.3 and earlier. The issue is a local symlink/race condition that can cause local users to overwrite arbitrary files via temporary file handling in certain configurations. Impact is described as local privilege/content modification without remote access; CVSS reflects ...
CVE-2001-0119
Getty_ps 2.0.7j is affected by a local symlink race that can cause overwriting of arbitrary files in /tmp, potentially impacting files writable by the effective UID (often root). Mandrake/MGK advisories indicate a temporary-file race fix, updating to getty_ps 2.1.0a (or newer) to remediate. CERT ...
CVE-2001-0008
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures...
CVE-2001-0143
The CVE-2001-0143 issue affects the vpop3d component in the linuxconf package (versions 1.23r and earlier). The root cause is a temporary file race (symlink attack) that local users can exploit to overwrite arbitrary files. Public references in the Mandrake advisory MDKSA-2001:011 confirm the vul...
CVE-2001-0169
When using the LDPRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib...