First published: Thu Jan 31 2002(Updated: )
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Enscript | <=1.6.1 | |
Debian Linux | =2.2 | |
Red Hat Linux | =7.0 | |
Red Hat Linux | =6.1 | |
Red Hat Linux | =7.2 | |
Red Hat Linux | =6.2 | |
Red Hat Linux | =6.0 | |
Red Hat Linux | =7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2002-0044 is classified as a medium severity vulnerability due to its potential for local users to exploit it via a symlink attack.
To fix CVE-2002-0044, update GNU Enscript to version 1.6.2 or later to mitigate the symlink attack risk.
CVE-2002-0044 affects GNU Enscript versions 1.6.1 and earlier, as well as specific versions of Red Hat Linux and Debian.
CVE-2002-0044 exploits a symlink vulnerability allowing local users to overwrite arbitrary files.
CVE-2002-0044 is less of a concern for current systems that have been updated since it affects very outdated versions of software.