Vulnerabilities > CVE-2001-0736

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
university-of-washington
immunix
mandrakesoft
redhat
engardelinux
nessus
exploit available
NVD
Published: 2001-10-18
Updated: 2024-11-20

Summary

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

Vulnerable Configurations

Part Description Count
Application
University_Of_Washington
1
Application
Immunix
3
OS
Mandrakesoft
4
OS
Redhat
3
OS
Engardelinux
1

Exploit-Db

descriptionUniversity of Washington Pico 3.x/4.x File Overwrite Vulnerability. CVE-2001-0736. Local exploit for linux platform
idEDB-ID:20493
last seen2016-02-02
modified2000-12-11
published2000-12-11
reportermat
sourcehttps://www.exploit-db.com/download/20493/
titleUniversity of Washington Pico 3.x/4.x File Overwrite Vulnerability

Nessus

NASL familyMandriva Local Security Checks
NASL idMANDRAKE_MDKSA-2001-047.NASL
descriptionVersions of the Pine email client prior to 4.33 have various temporary file creation problems, as does the pico editor. These issues allow any user with local system access to cause any files owned by any other user, including root, to potentially be overwritten if the conditions were right. Update : The packages for 7.1 and Corporate Server did not properly update the menu entries. These updated packages update the menu entries.
last seen2020-06-01
modified2020-06-02
plugin id13866
published2004-07-31
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/13866
titleMandrake Linux Security Advisory : pine (MDKSA-2001:047-1)

Redhat

advisories
rhsa
idRHSA-2001:042

References