Vulnerabilities > CVE-2001-0736 - Local Security vulnerability in Linux Mandrake

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
immunix
university-of-washington
engardelinux
mandrakesoft
redhat
nessus
exploit available

Summary

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

Exploit-Db

descriptionUniversity of Washington Pico 3.x/4.x File Overwrite Vulnerability. CVE-2001-0736. Local exploit for linux platform
idEDB-ID:20493
last seen2016-02-02
modified2000-12-11
published2000-12-11
reportermat
sourcehttps://www.exploit-db.com/download/20493/
titleUniversity of Washington Pico 3.x/4.x File Overwrite Vulnerability

Nessus

NASL familyMandriva Local Security Checks
NASL idMANDRAKE_MDKSA-2001-047.NASL
descriptionVersions of the Pine email client prior to 4.33 have various temporary file creation problems, as does the pico editor. These issues allow any user with local system access to cause any files owned by any other user, including root, to potentially be overwritten if the conditions were right. Update : The packages for 7.1 and Corporate Server did not properly update the menu entries. These updated packages update the menu entries.
last seen2020-06-01
modified2020-06-02
plugin id13866
published2004-07-31
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/13866
titleMandrake Linux Security Advisory : pine (MDKSA-2001:047-1)

Redhat

advisories
rhsa
idRHSA-2001:042