Vulnerability Details CVE-2001-1145
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.1%
CVSS Severity
CVSS v2 Score 6.2
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc
- http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html
- http://www.iss.net/security_center/static/8715.php
- http://www.openbsd.org/errata28.html
- http://www.osvdb.org/5466
- http://www.securityfocus.com/bid/3205
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc
- http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html
- http://www.iss.net/security_center/static/8715.php
- http://www.openbsd.org/errata28.html
- http://www.osvdb.org/5466
- http://www.securityfocus.com/bid/3205
Products affected by CVE-2001-1145
-
cpe:2.3:o:freebsd:freebsd:4.3
-
cpe:2.3:o:netbsd:netbsd:1.5
-
cpe:2.3:o:netbsd:netbsd:1.5.1
-
cpe:2.3:o:openbsd:openbsd:-
-
cpe:2.3:o:openbsd:openbsd:2.0
-
cpe:2.3:o:openbsd:openbsd:2.1
-
cpe:2.3:o:openbsd:openbsd:2.2
-
cpe:2.3:o:openbsd:openbsd:2.3
-
cpe:2.3:o:openbsd:openbsd:2.4
-
cpe:2.3:o:openbsd:openbsd:2.5
-
cpe:2.3:o:openbsd:openbsd:2.6
-
cpe:2.3:o:openbsd:openbsd:2.7
-
cpe:2.3:o:openbsd:openbsd:2.8
-
cpe:2.3:o:openbsd:openbsd:2.9