Vulnerabilities > CVE-2001-1277 - Local Security vulnerability in Makewhatis

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

wolfram-schneider

NVD

Published: 2001-06-11

Updated: 2016-10-18

Summary

makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.

Vulnerable Configurations

Part	Description	Count
Application	Wolfram_Schneider Wolfram Schneider Makewhatis *	1

Redhat

advisories

rhsa

id	RHSA-2001:072

References

http://marc.info/?l=bugtraq&m=99227597227747&w=2
http://www.redhat.com/support/errata/RHSA-2001-072.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=41805