CVE

Id
2701  
CVE No.
CVE-2000-1134  
Status
Candidate  
Description
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.  
Phase
Modified (20061101)  
Votes
ACCEPT(2) Baker, Cole | MODIFY(1) Frech | NOOP(1) Wall | REVIEWING(1) Christey  
Comments
Frech> XF:linux-bash-tmp-symlink(5593) | Christey> Don"t all these shell programs originate from the same | codebase, including ksh? If so, we should have a single CAN | for all of these, and add: | XF:ksh-redirection-symlink | URL:http://xforce.iss.net/static/5811.php | CONECTIVA:CLA-2000:354 | BUGTRAQ:20001208 Immunix OS Security update for tcsh | http://archives.neohapsis.com/archives/linux/immunix/2000-q4/0041.html | BUGTRAQ:20001220 /bin/ksh creates insecure tmp files | http://archives.neohapsis.com/archives/bugtraq/2000-12/0368.html | BUGTRAQ:20001227 IBM Findings: Korn Shell Redirection Race Condition Vulnerability | http://archives.neohapsis.com/archives/bugtraq/2000-12/0473.html | | Also see: http://archives.neohapsis.com/archives/bugtraq/2000-12/0420.html | which gives some shell history which may be of use. | Christey> ADDREF FREEBSD:FreeBSD-SA-01:03 for the bash problem. | Christey> Consider adding BID:2148 if this CAN should include ksh | Christey> SGI:20011103-01-I | URL:ftp://patches.sgi.com/support/free/security/advisories/20011103-01-I | Also, DELREF BID:2148 and BID:1926. Keep BID:2006 | Christey> COMPAQ:SSRT1-41U | URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0742U-59U.shtml | CERT-VN:VU#10277 | URL:http://www.kb.cert.org/vuls/id/10277 | Christey> SGI:20011103-02-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P | Note that this is an update of the other SGI reference. | Christey> CALDERA:CSSA-2001-SCO.24 | URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24.1/CSSA-2001-SCO.24.1.txt | CERT-VN:VU#10277 | URL:http://www.kb.cert.org/vuls/id/10277 | Christey> Missing BID - BID:1926 | Christey> HP:SSRT3618 | URL:http://archives.neohapsis.com/archives/hp/2003-q3/0042.html  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
10664 2701 CVE-2000-1134 BUGTRAQ:20001028 tcsh: unsafe tempfile in << redirects  View
10665 2701 CVE-2000-1134 URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html  View
10666 2701 CVE-2000-1134 BUGTRAQ:20001130 [ADV/EXP]: RH6.x root from bash /tmp vuln + MORE  View
10667 2701 CVE-2000-1134 URL:http://marc.info/?l=bugtraq&m=97561816504170&w=2  View
10668 2701 CVE-2000-1134 BUGTRAQ:20001128 /bin/sh creates insecure tmp files  View
10669 2701 CVE-2000-1134 URL:http://www.securityfocus.com/archive/1/146657  View
10670 2701 CVE-2000-1134 CALDERA:CSSA-2000-043.0  View
10671 2701 CVE-2000-1134 URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt  View
10672 2701 CVE-2000-1134 CALDERA:CSSA-2000-042.0  View
10673 2701 CVE-2000-1134 URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt  View
10674 2701 CVE-2000-1134 COMPAQ:SSRT1-41U  View
10675 2701 CVE-2000-1134 URL:http://archives.neohapsis.com/archives/tru64/2002-q1/0009.html  View
10676 2701 CVE-2000-1134 CONECTIVA:CLSA-2000:354  View
10677 2701 CVE-2000-1134 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000354  View
10678 2701 CVE-2000-1134 DEBIAN:20001111a  View
10679 2701 CVE-2000-1134 URL:http://www.debian.org/security/2000/20001111a  View
10680 2701 CVE-2000-1134 FREEBSD:FreeBSD-SA-00:76  View
10681 2701 CVE-2000-1134 URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc  View
10682 2701 CVE-2000-1134 MANDRAKE:MDKSA-2000-069  View
10683 2701 CVE-2000-1134 URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3  View
10684 2701 CVE-2000-1134 MANDRAKE:MDKSA-2000:075  View
10685 2701 CVE-2000-1134 URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3  View
10686 2701 CVE-2000-1134 REDHAT:RHSA-2000:117  View
10687 2701 CVE-2000-1134 URL:http://www.redhat.com/support/errata/RHSA-2000-117.html  View
10688 2701 CVE-2000-1134 REDHAT:RHSA-2000:121  View
10689 2701 CVE-2000-1134 URL:http://www.redhat.com/support/errata/RHSA-2000-121.html  View
10690 2701 CVE-2000-1134 SGI:20011103-02-P  View
10691 2701 CVE-2000-1134 URL:ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P  View
10692 2701 CVE-2000-1134 CERT-VN:VU#10277  View
10693 2701 CVE-2000-1134 URL:http://www.kb.cert.org/vuls/id/10277  View
10694 2701 CVE-2000-1134 BID:1926  View
10695 2701 CVE-2000-1134 URL:http://www.securityfocus.com/bid/1926  View
10696 2701 CVE-2000-1134 BID:2006  View
10697 2701 CVE-2000-1134 URL:http://www.securityfocus.com/bid/2006  View
10698 2701 CVE-2000-1134 CONECTIVA:CLA-2000:350  View
10699 2701 CVE-2000-1134 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350  View
10700 2701 CVE-2000-1134 OVAL:oval:org.mitre.oval:def:4047  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
64307 JVNDB-2000-000087 複数のシェルにおけるシンボシンボリックリンクの脆弱性 複数のシェルには、プロセス ID に基づいたファイル名が付けられるため、ファイル名を予測することは容易に可能であり、ファイル名をつけたシンボリックリンクを /tmp ディレクトリに作成することすることにより、任意のファイルを上書きし、不正に権限を昇格される脆弱性が存在します。 CVE-2000-1134 2701 7.2 http://jvndb.jvn.jp/ja/contents/2000/JVNDB-2000-000087.html  View