Vulnerability Name:

CVE-2001-1066 (CCN-7042)

Assigned:2001-08-27
Published:2001-08-27
Updated:2018-05-03
Summary:ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: VulnWatch Mailing List, Mon Aug 27 2001 - 11:39:38 CDT
Dangerous temp file creation during installation of Netscape 6.

Source: VULNWATCH
Type: UNKNOWN
20010827 Dangerous temp file creation during installation of Netscape 6.

Source: MITRE
Type: CNA
CVE-2001-1066

Source: BUGTRAQ
Type: UNKNOWN
20010827 Dangerous temp file creation during installation of Netscape 6.

Source: CCN
Type: US-CERT VU#356323
Netscape vulnerable to arbitrary file overwriting via symlink redirection of temporary file

Source: CCN
Type: OSVDB ID: 8735
Netscape on Solaris ns6install Symlink Arbitrary File Overwrite

Source: BID
Type: Vendor Advisory
3243

Source: CCN
Type: BID-3243
Netscape 6 Temp File Symbolic Link Vulnerability

Source: CCN
Type: Sun Microsystems Web site
Netscape 6 for the Solaris Operating Environment

Source: XF
Type: UNKNOWN
netscape-install-tmpfile-symlink(7042)

Source: XF
Type: UNKNOWN
netscape-install-tmpfile-symlink(7042)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:solaris:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun solaris *