- Description
- faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-59
- Hype score
- Not currently trending
- Red HatNot vulnerable. This issue did not affect the versions of mgetty as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, as they include patch that resolves this issue.
- MandrivaThis issue was fixed on May 5, 2003 for all Mandriva Linux products.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gert_doering:mgetty:1.1.36:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5EBE89B2-7BF0-4216-9C6B-5EBA17429406"
}
],
"operator": "OR"
}
]
}
]