Vulnerability Details CVE-2001-1494
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.1%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://seclists.org/bugtraq/2001/Dec/0122.html
- http://seclists.org/bugtraq/2001/Dec/0123.html
- http://secunia.com/advisories/16785
- http://secunia.com/advisories/18502
- http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
- http://www.redhat.com/support/errata/RHSA-2005-782.html
- http://www.securityfocus.com/bid/16280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7718
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723
- http://seclists.org/bugtraq/2001/Dec/0122.html
- http://seclists.org/bugtraq/2001/Dec/0123.html
- http://secunia.com/advisories/16785
- http://secunia.com/advisories/18502
- http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
- http://www.redhat.com/support/errata/RHSA-2005-782.html
- http://www.securityfocus.com/bid/16280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7718
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723
Products affected by CVE-2001-1494
-
cpe:2.3:a:avaya:cvlan:-
-
cpe:2.3:a:avaya:integrated_management_suit:-
-
cpe:2.3:a:avaya:interactive_response:-
-
cpe:2.3:a:avaya:interactive_response:1.2.1
-
cpe:2.3:a:avaya:interactive_response:1.3
-
cpe:2.3:a:avaya:intuity_lx:-
-
cpe:2.3:a:avaya:message_networking:-
-
cpe:2.3:a:avaya:message_networking:3.1
-
cpe:2.3:a:avaya:message_networking:5.2
-
cpe:2.3:a:avaya:message_networking:6.3
-
cpe:2.3:a:avaya:messaging_storage_server:3.0
-
cpe:2.3:a:avaya:messaging_storage_server:4.0
-
cpe:2.3:a:avaya:messaging_storage_server:5.0
-
cpe:2.3:a:kernel:util-linux:-
-
cpe:2.3:a:kernel:util-linux:2.10f
-
cpe:2.3:a:kernel:util-linux:2.10m
-
cpe:2.3:a:kernel:util-linux:2.10s
-
cpe:2.3:a:kernel:util-linux:2.11b
-
cpe:2.3:a:kernel:util-linux:2.11f
-
cpe:2.3:a:kernel:util-linux:2.11m
-
cpe:2.3:a:kernel:util-linux:2.2
-
cpe:2.3:a:kernel:util-linux:2.5
-
cpe:2.3:a:kernel:util-linux:2.7.1
-
cpe:2.3:a:kernel:util-linux:2.8
-
cpe:2.3:a:kernel:util-linux:2.9i
-
cpe:2.3:a:kernel:util-linux:2.9v