Vulnerabilities > CVE-2001-0556 - Unspecified vulnerability in Nedit
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN nedit
nessus
Summary
The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-053.NASL description The nedit (Nirvana editor) package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file with the to be printed text and pass that on to the print system. The temporary file was not created safely, which could be exploited by an attacked to make nedit overwrite arbitrary files. last seen 2020-06-01 modified 2020-06-02 plugin id 14890 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14890 title Debian DSA-053-1 : nedit - insecure temporary file code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-053. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14890); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2001-0556"); script_bugtraq_id(2667); script_xref(name:"DSA", value:"053"); script_name(english:"Debian DSA-053-1 : nedit - insecure temporary file"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "The nedit (Nirvana editor) package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file with the to be printed text and pass that on to the print system. The temporary file was not created safely, which could be exploited by an attacked to make nedit overwrite arbitrary files." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2001/dsa-053" ); script_set_attribute( attribute:"solution", value:"This has been fixed in version 5.02-7.1." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nedit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2001/04/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"nedit", reference:"5.02-7.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2001-042.NASL description A temporary file vulnerability exists in NEdit, the Nirvana Editor. When printing the entire text or selected parts of the text within the editor, nedit creates a temporary file in an insecure manner. This could be exploited to gain access to other user privileges including root. last seen 2020-06-01 modified 2020-06-02 plugin id 13861 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13861 title Mandrake Linux Security Advisory : nedit (MDKSA-2001:042) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2001:042. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(13861); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2001-0556"); script_xref(name:"MDKSA", value:"2001:042"); script_name(english:"Mandrake Linux Security Advisory : nedit (MDKSA-2001:042)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "A temporary file vulnerability exists in NEdit, the Nirvana Editor. When printing the entire text or selected parts of the text within the editor, nedit creates a temporary file in an insecure manner. This could be exploited to gain access to other user privileges including root." ); script_set_attribute(attribute:"solution", value:"Update the affected nedit package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nedit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2001/04/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"nedit-5.1.1-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"nedit-5.1.1-9.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"nedit-5.1.1-13.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Redhat
| advisories |
|
References
- http://www.debian.org/security/2001/dsa-053
- http://www.debian.org/security/2001/dsa-053
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-042.php3
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-042.php3
- http://www.nedit.org/archives/develop/2001-Feb/0391.html
- http://www.nedit.org/archives/develop/2001-Feb/0391.html
- http://www.novell.com/linux/security/advisories/2001_014_nedit.html
- http://www.novell.com/linux/security/advisories/2001_014_nedit.html
- http://www.redhat.com/support/errata/RHSA-2001-061.html
- http://www.redhat.com/support/errata/RHSA-2001-061.html
- http://www.securityfocus.com/archive/1/180237
- http://www.securityfocus.com/archive/1/180237
- http://www.securityfocus.com/bid/2667
- http://www.securityfocus.com/bid/2667