Vulnerability Name:

CVE-2001-0809 (CCN-6396)

Assigned:2001-04-17
Published:2001-04-17
Updated:2017-10-11
Summary:Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-018.0
samba /tmp problems

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-018.1
Linux - samba /tmp problems

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-01:36
samba ports contain locally exploitable /tmp races

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-015.0
samba security problems

Source: CCN
Type: Immunix OS Security Advisory IMNX-2001-70-016-01
samba

Source: CCN
Type: BugTraq Mailing List, Tue Apr 17 2001 - 19:06:48 CDT
Samba 2.0.8 security fix

Source: HP
Type: Patch, Vendor Advisory
HPSBUX0106-155

Source: MITRE
Type: CNA
CVE-2001-0406

Source: MITRE
Type: CNA
CVE-2001-0809

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:395
samba

Source: CCN
Type: Progeny Linux Systems Security Advisory PROGENY-SA-2001-05
Samba /tmp vulnerabilities

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX0106-155
Security Vulnerability in CIFS/9000 Server

Source: CCN
Type: RHSA-2001-044
New samba packages available to fix /tmp races

Source: CCN
Type: Samba Project Web site
Samba

Source: CCN
Type: CIAC Information Bulletin L-084
Red Hat Samba Package /tmp Race Condition

Source: DEBIAN
Type: DSA-048
samba -- symlink attack

Source: CCN
Type: US-CERT VU#670568
Samba creates temporary files insecurely

Source: CCN
Type: OSVDB ID: 13870
Samba Printer Queue Query Symlink Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 13871
Samba smbclient more Symlink Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 13872
Samba smbclient mput Symlink Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 59511
HP-UX CIFS/9000 Server (SAMBA) Unspecified Resource Modification Arbitrary File Overwrite

Source: CCN
Type: BID-2617
Samba Insecure TMP file Symbolic Link Vulnerability

Source: CCN
Type: Trustix Secure Linux Security Advisory #2001-0005
samba

Source: CCN
Type: Trustix Secure Linux Security Advisory #2001-0006
samba

Source: XF
Type: UNKNOWN
samba-tmpfile-symlink(6396)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5673

Vulnerable Configuration:Configuration 1:
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:samba:samba:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:connectiva:linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.01:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:hp:cifs-9000_server:a.01.05:*:*:*:*:*:*:*
  • OR cpe:/a:hp:cifs-9000_server:a.01.06:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5673
    V
    		HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges
    2014-03-24
    BACK
    hp hp-ux 11.00
    hp hp-ux 11.11
    samba samba *
    redhat linux 5.2
    redhat linux 6.2
    debian debian linux 2.2
    mandrakesoft mandrake linux 7.1
    connectiva linux -
    trustix secure linux 1.1
    redhat linux 7
    freebsd freebsd 3.5.1
    mandrakesoft mandrake linux 7.2
    mandrakesoft mandrake linux corporate server 1.0.1
    freebsd freebsd 4.2
    redhat linux 7.1
    trustix secure linux 1.01
    trustix secure linux 1.2
    mandrakesoft mandrake linux 8.0
    redhat linux 7.2
    redhat linux 7.3
    hp cifs-9000 server a.01.05
    hp cifs-9000 server a.01.06