Vulnerabilities > CVE-2002-0137 - Symbolic Link vulnerability in CDRDAO Home Directory Configuration File
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability (1). CVE-2002-0137. Local exploit for linux platform id EDB-ID:21216 last seen 2016-02-02 modified 2002-01-13 published 2002-01-13 reporter anonymous source https://www.exploit-db.com/download/21216/ title CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability 1 description CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability (4). CVE-2002-0137. Local exploit for linux platform id EDB-ID:21219 last seen 2016-02-02 modified 2002-01-13 published 2002-01-13 reporter Karol Wiesek source https://www.exploit-db.com/download/21219/ title CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability 4 description CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability (3). CVE-2002-0137. Local exploit for linux platform id EDB-ID:21218 last seen 2016-02-02 modified 2002-01-13 published 2002-01-13 reporter anonymous source https://www.exploit-db.com/download/21218/ title CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability 3 description CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability (2). CVE-2002-0137. Local exploit for linux platform id EDB-ID:21217 last seen 2016-02-02 modified 2002-01-13 published 2002-01-13 reporter atomi source https://www.exploit-db.com/download/21217/ title CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability 2
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2005-089.NASL |
description | The cdrdao package contains two vulnerabilities; the first allows local users to read arbitrary files via the show-data command and the second allows local users to overwrite arbitrary files via a symlink attack on the ~/.cdrdao configuration file. This can also lead to elevated privileges (a root shell) due to cdrdao being installed suid root. The provided packages have been patched to correct these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18305 |
published | 2005-05-19 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18305 |
title | Mandrake Linux Security Advisory : cdrdao (MDKSA-2005:089) |
code |
|