CVE
- Id
- 2291
- CVE No.
- CVE-2000-0715
- Status
- Candidate
- Description
- DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
- Phase
- Modified (20080226)
- Votes
- ACCEPT(3) Baker, Levy, Williams | MODIFY(2) Christey, Cox | NOOP(2) Cole, Wall
- Comments
- Christey> XF:diskcheck-tmp-race-condition | http://xforce.iss.net/static/5061.php | Christey> ADDREF REDHAT:RHSA-2000:122-04 ? | The advisory addresses some diskcheck symlink vulnerability, | but the initial announcement was 4 months before the advisory | was released; however, the DiskCheck versions seem to | correspond. | Christey> See various Bugtraq posts relating to this, and verify if the | Conectiva/Red Hat/etc. advisories are really addressing this | particular problem. | e.g.: BUGTRAQ:20000622 Re: rh 6.2 - gid compromises, etc [+ MORE!!!] | http://marc.theaimsgroup.com/?l=bugtraq&m=96172022819526&w=2 | BUGTRAQ:20000810 CONECTIVA LINUX SECURITY ANNOUNCEMENT - diskcheck | http://marc.theaimsgroup.com/?l=bugtraq&m=96604843017702&w=2 | REDHAT:RHSA-2000:122-06 | http://marc.theaimsgroup.com/?l=bugtraq&m=97649229201967&w=2 | BID:2050 | URL:http://www.securityfocus.com/bid/2050 | Christey> The following RedHat advisory appears to identify the same | problem as one that was posted to Bugtraq on August 8, 2000: | REDHAT:RHSA-2000:122-06 | http://www.redhat.com/support/errata/powertools/RHSA-2000-122.html | | See the following BugID, as referenced in the advisory: | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11724 | So, add: | BID:2050 | URL:http://www.securityfocus.com/bid/2050 | XF:linux-diskcheck-race-symlink | URL:http://xforce.iss.net/static/5624.php | | [note the apparent BID duplicates, however] | CHANGE> [Christey changed vote from NOOP to MODIFY] | Christey> Missing BID - BID:1552 | Cox> ADDREF REDHAT:RHSA-2000:122
