Vulnerability Name:

CVE-2002-0169 (CCN-8983)

Assigned:2002-05-01
Published:2002-05-01
Updated:2008-09-11
Summary:The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-2002-0169

Source: CCN
Type: Hewlett-Packard Company Security Advisory HPSBTL0205-038
Security vulnerability in DocBooks package

Source: HP
Type: UNKNOWN
HPSBTL0205-038

Source: CCN
Type: RHSA-2002-062
Insecure DocBook stylesheet option

Source: XF
Type: UNKNOWN
linux-docbook-stylesheet-insecure(8983)

Source: OSVDB
Type: UNKNOWN
5349

Source: CCN
Type: OSVDB ID: 5349
Red Hat Linux DocBook Insecure Option Overwrite Arbitrary File

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2002:062

Source: BID
Type: UNKNOWN
4654

Source: CCN
Type: BID-4654
RedHat DocBook Tools Default Stylesheet Arbitrary File Write Vulnerability

Source: XF
Type: UNKNOWN
linux-docbook-stylesheet-insecure(8983)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:redhat:docbook_stylesheets:1.54.13:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:docbook_utils:0.6.9-2:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:docbook_utils:0.6.13:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    redhat docbook stylesheets 1.54.13
    redhat docbook utils 0.6.9-2
    redhat docbook utils 0.6.13
    redhat linux 6.2
    redhat linux 7
    redhat linux 7.1
    redhat linux 7.2