Vulnerabilities > CVE-2001-0143

047910
CVSS 1.2 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
high complexity
immunix
redhat
nessus

Summary

vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.

Vulnerable Configurations

Part Description Count
Application
Immunix
1
OS
Redhat
1

Nessus

NASL familyMandriva Local Security Checks
NASL idMANDRAKE_MDKSA-2001-011.NASL
descriptionWireX discovered a potential temporary file race problem in the vpop3d program in the linuxconf package. This update corrects the problem.
last seen2020-06-01
modified2020-06-02
plugin id61885
published2012-09-06
reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/61885
titleMandrake Linux Security Advisory : linuxconf (MDKSA-2001:011)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2001:011. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(61885);
  script_version("1.5");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2001-0143");
  script_xref(name:"MDKSA", value:"2001:011");

  script_name(english:"Mandrake Linux Security Advisory : linuxconf (MDKSA-2001:011)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"WireX discovered a potential temporary file race problem in the vpop3d
program in the linuxconf package. This update corrects the problem."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-cn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-cs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-de");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-es");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-fi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-fr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-it");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-ko");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-no");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-pt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-ro");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-ru-SU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-se");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-sk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lang-zh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:linuxconf-util");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2001/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"linuxconf-1.15r2.2-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK6.0", cpu:"i386", reference:"linuxconf-devel-1.15r2.2-7.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"linuxconf-1.16r2.1-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK6.1", cpu:"i386", reference:"linuxconf-devel-1.16r2.1-1.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"linuxconf-1.16r10-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.0", cpu:"i386", reference:"linuxconf-devel-1.16r10-3.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"linuxconf-1.18-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"linuxconf-devel-1.18-2.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-devel-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-cn-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-cs-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-de-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-es-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-fi-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-fr-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-it-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-ko-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-no-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-pt-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-ro-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-ru-SU-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-se-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-sk-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lang-zh-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-lib-1.21r5-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"linuxconf-util-1.21r5-5.1mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");