CVE-2000-1134

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

Score7.2
Access VectorLOCAL
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactCOMPLETE
Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE
Published2001-01-09 12:00:00.000-05
Last Modified2017-10-18 09:29:00.000-04

Vulnerable Software List

VendorProductVersions
Immunix Immunix 6.2
Caldera Openlinux Edesktop 2.4
Caldera Openlinux Eserver 2.3
Caldera Openlinux
Redhat Linux 5.2, 6.0, 6.1, 6.2, 6.2e
Conectiva Linux 4.0, 4.0es, 4.1, 4.2, 5.0, 5.1
Mandrakesoft Mandrake Linux 6.0, 6.1, 7.0, 7.1, 7.2
Hp Hp-ux 11.11
Suse Suse Linux 7.0

References

SourceLink
FREEBSDFreeBSD-SA-00:76
SGI20011103-02-P
BUGTRAQ20001028 tcsh: unsafe tempfile in << redirects
COMPAQSSRT1-41U
CONECTIVACLA-2000:350
CONECTIVACLSA-2000:354
BUGTRAQ20001130 [ADV/EXP]: RH6.x root from bash /tmp vuln + MORE
CALDERACSSA-2000-042.0
CALDERACSSA-2000-043.0
DEBIAN20001111a
CERT-VNVU#10277
MANDRAKEMDKSA-2000-069
MANDRAKEMDKSA-2000:075
REDHATRHSA-2000:117
REDHATRHSA-2000:121
BUGTRAQ20001128 /bin/sh creates insecure tmp files
BID1926
BID2006