Vulnerability Name:

CVE-2000-0724 (CCN-5161)

Assigned:2000-08-29
Published:2000-08-29
Updated:2008-09-05
Summary:The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: BUGTRAQ
Type: Vendor Advisory
20000829 More Helix Code installation problems (go-gnome)

Source: CCN
Type: BugTraq Mailing List, Tue Aug 29 2000 - 09:08:21 CDT
More Helix Code installation problems (go-gnome)

Source: BUGTRAQ
Type: Patch, Vendor Advisory
20000829 Helix Code Security Advisory - go-gnome pre-installer

Source: CCN
Type: Helix Code Security Advisory 08-29-2000-2
go-gnome pre-installer

Source: MITRE
Type: CNA
CVE-2000-0724

Source: CCN
Type: OSVDB ID: 13729
Helix GNOME go-gnome Symlink Arbitrary File Overwrite

Source: BID
Type: Patch, Vendor Advisory
1622

Source: CCN
Type: BID-1622
Helix Code "go-gnome" /tmp Symlink Vulnerability

Source: XF
Type: UNKNOWN
go-gnome-preinstaller-symlink(5161)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:helix_code:go-gnome_pre-installer:1.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    helix_code go-gnome pre-installer 1.5