Vulnerability Name:

CVE-2000-0691 (CCN-5159)

Assigned:2000-08-26
Published:2000-08-26
Updated:2008-09-05
Summary:The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2000-029.0
/tmp file race in faxrunq

Source: CCN
Type: Mgetty+Sendfax Web site
Mgetty+Sendfax Archive/Documentation Centre

Source: BUGTRAQ
Type: Exploit, Vendor Advisory
20000826 Advisory: mgetty local compromise

Source: CCN
Type: BugTraq Mailing List, Sat Aug 26 2000 - 01:23:05 CDT
Advisory: mgetty local compromise

Source: CONFIRM
Type: UNKNOWN
http://archives.neohapsis.com/archives/bugtraq/2000-08/0330.html

Source: CCN
Type: Conectiva Linux Announcement CLSA-2000:312
mgetty: Overwriting any file in the system

Source: MITRE
Type: CNA
CVE-2000-0691

Source: CCN
Type: RHSA-2000:059-02
mgetty

Source: CALDERA
Type: Patch, Vendor Advisory
CSSA-2000-029.0

Source: CCN
Type: OSVDB ID: 11861
mgetty faxrunqd Symlink Arbitrary File Modification

Source: BID
Type: Exploit, Patch, Vendor Advisory
1612

Source: CCN
Type: BID-1612
Multiple Vendor mgetty Symbolic Link Traversal Vulnerability

Source: XF
Type: UNKNOWN
mgetty-faxrunq-symlink(5159)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gert_doering:mgetty:1.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:gert_doering:mgetty:1.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:gert_doering:mgetty:1.1.21:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:gert_doering:mgetty:1.1.21:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    gert_doering mgetty 1.1.19
    gert_doering mgetty 1.1.20
    gert_doering mgetty 1.1.21
    gert_doering mgetty 1.1.21