Vulnerability Name: | CVE-2002-2001 (CCN-7980) | ||||||||
Assigned: | 2002-01-22 | ||||||||
Published: | 2002-01-22 | ||||||||
Updated: | 2008-09-10 | ||||||||
Summary: | jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | ||||||||
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | File Manipulation | ||||||||
References: | Source: MITRE Type: CNA CVE-2002-2001 Source: XF Type: Patch linux-jmcce-tmp-symlink(7980) Source: MANDRAKE Type: UNKNOWN MDKSA-2002:008 Source: CCN Type: OSVDB ID: 59611 jmcce on Mandrake /tmp Temporary File Symlink Arbitrary File Overwrite Source: BID Type: Patch 3940 Source: CCN Type: BID-3940 jmcce Predictable Log File Symbolic Link Attack Vulnerability Source: XF Type: UNKNOWN linux-jmcce-tmp-symlink(7980) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |