CVE-2001-1494
First published: Mon Dec 31 2001(Updated: )
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| util-linux | <=2.11m | |
| kernel util-linux | <2.11n | |
| Avaya CVLAN | ||
| Avaya Integrated Management Suite | ||
| Avaya Interactive Response | ||
| Avaya Intuity LX | ||
| Avaya Message Networking | ||
| Avaya Modular Messaging Message Storage Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2005-782.html
- http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
- http://www.securityfocus.com/bid/16280
- http://secunia.com/advisories/16785
- http://secunia.com/advisories/18502
- http://seclists.org/bugtraq/2001/Dec/0123.html
- http://seclists.org/bugtraq/2001/Dec/0122.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7718
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723
Frequently Asked Questions
What is the severity of CVE-2001-1494?
CVE-2001-1494 is classified as a moderate severity vulnerability due to the potential for local users to overwrite arbitrary files.
How do I fix CVE-2001-1494?
To fix CVE-2001-1494, upgrade the util-linux package to version 2.11n or later.
Who is affected by CVE-2001-1494?
Affected users include those running util-linux versions prior to 2.11n, as well as several Avaya products that utilize this package.
What is the nature of the vulnerability in CVE-2001-1494?
CVE-2001-1494 allows local users to exploit the script command by creating a hardlink from the typescript log file to any arbitrary file.
Can CVE-2001-1494 be exploited remotely?
CVE-2001-1494 cannot be directly exploited remotely as it requires local access to the system.
- agent/type
- agent/first-publish-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/andries brouwer
- canonical/util-linux
- version/util-linux/2.11m
- vendor/kernel
- canonical/kernel util-linux
- vendor/avaya
- canonical/avaya cvlan
- canonical/avaya integrated management suite
- canonical/avaya interactive response
- canonical/avaya intuity lx
- canonical/avaya message networking
- canonical/avaya modular messaging message storage server