Vulnerabilities > CVE-2001-0736 - Local Security vulnerability in Linux Mandrake
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE local
low complexity
immunix
university-of-washington
engardelinux
mandrakesoft
redhat
nessus
exploit available
Summary
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 | |
| Application | 1 | |
| OS | 1 | |
| OS | 4 | |
| OS | 3 |
Exploit-Db
| description | University of Washington Pico 3.x/4.x File Overwrite Vulnerability. CVE-2001-0736. Local exploit for linux platform |
| id | EDB-ID:20493 |
| last seen | 2016-02-02 |
| modified | 2000-12-11 |
| published | 2000-12-11 |
| reporter | mat |
| source | https://www.exploit-db.com/download/20493/ |
| title | University of Washington Pico 3.x/4.x File Overwrite Vulnerability |
Nessus
| NASL family | Mandriva Local Security Checks |
| NASL id | MANDRAKE_MDKSA-2001-047.NASL |
| description | Versions of the Pine email client prior to 4.33 have various temporary file creation problems, as does the pico editor. These issues allow any user with local system access to cause any files owned by any other user, including root, to potentially be overwritten if the conditions were right. Update : The packages for 7.1 and Corporate Server did not properly update the menu entries. These updated packages update the menu entries. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 13866 |
| published | 2004-07-31 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/13866 |
| title | Mandrake Linux Security Advisory : pine (MDKSA-2001:047-1) |
Redhat
| advisories |
|