Vulnerabilities > CVE-2002-0658 - Unspecified vulnerability in Ossp MM

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ossp

nessus

exploit available

NVD

Published: 2002-08-12

Updated: 2024-11-20

Summary

OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.

Vulnerable Configurations

Part	Description	Count
Application	Ossp Ossp MM 1.0.6 Ossp MM 1.0.10 Ossp MM 1.0.8 Ossp MM 1.0.7 Ossp MM 1.0.11 Ossp MM 1.1.1 Ossp MM 1.1.3 Ossp MM 1.0.0 Ossp MM 1.0.1 Ossp MM 1.0.5 Ossp MM 1.0.12 Ossp MM 1.0.2 Ossp MM 1.0.9 Ossp MM 1.1.0 Ossp MM 1.0.3 Ossp MM 1.0.4 Ossp MM 1.1.2	17

Exploit-Db

description	MM 1.0.x/1.1.x Shared Memory Library Temporary File Privilege Escalation Vulnerability. CVE-2002-0658. Local exploit for linux platform
id	EDB-ID:21667
last seen	2016-02-02
modified	2002-07-29
published	2002-07-29
reporter	Sebastian Krahmer
source	https://www.exploit-db.com/download/21667/
title	MM 1.0.x/1.1.x - Shared Memory Library Temporary File Privilege Escalation Vulnerability

Nessus

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_27263.NASL
description	s700_800 11.04 Virtualvault 4.6 OpenSSH Update : Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658.
last seen	2020-06-01
modified	2020-06-02
plugin id	16849
published	2005-02-16
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16849
title	HP-UX PHSS_27263 : HPSBUX0209-217 Sec. Vulnerability in Apache OpenSSL (rev.2)

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_27656.NASL
description	s700_800 11.04 Webproxy server 2.0 update : Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658.
last seen	2020-06-01
modified	2020-06-02
plugin id	17484
published	2005-03-18
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17484
title	HP-UX PHSS_27656 : HPSBUX0209-217 Sec. Vulnerability in Apache OpenSSL (rev.2)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_18706.NASL
description	Several security updates are now available for Slackware 8.1, including updated packages for Apache, glibc, mod_ssl, openssh, openssl, and php.
last seen	2016-09-26
modified	2013-01-25
plugin id	18706
published	2005-07-13
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=18706
title	SSA-18706 Security updates for Slackware 8.1

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_27423.NASL
description	s700_800 11.04 Virtualvault 4.6 Inside Server Update : The remote HP-UX host is affected by multiple vulnerabilities : - Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. - A potential remotely exploitable vulnerability in handling of large data chunks in Apache-based web servers. (HPSBUX00197 SSRT2332)
last seen	2020-06-01
modified	2020-06-02
plugin id	17477
published	2005-03-18
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17477
title	HP-UX PHSS_27423 : s700_800 11.04 Virtualvault 4.6 Inside Server Update

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_27476.NASL
description	s700_800 11.04 Virtualvault 4.6 inside server support : The remote HP-UX host is affected by multiple vulnerabilities : - Potential vulnerability in Apache web servers while handling SSL requests. - Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658.
last seen	2020-06-01
modified	2020-06-02
plugin id	16808
published	2005-02-16
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16808
title	HP-UX PHSS_27476 : s700_800 11.04 Virtualvault 4.6 inside server support

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_27655.NASL
description	s700_800 11.04 HP Praesidium Webproxy 1.0 server update : Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658.
last seen	2020-06-01
modified	2020-06-02
plugin id	17483
published	2005-03-18
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17483
title	HP-UX PHSS_27655 : HPSBUX0209-217 Sec. Vulnerability in Apache OpenSSL (rev.2)

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_27637.NASL
description	s700_800 11.04 Virtualvault 4.6 TGP IP Aliasing fix : Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658.
last seen	2020-06-01
modified	2020-06-02
plugin id	17481
published	2005-03-18
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17481
title	HP-UX PHSS_27637 : HPSBUX0209-217 Sec. Vulnerability in Apache OpenSSL (rev.2)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-137.NASL
description	Marcus Meissner and Sebastian Krahmer discovered and fixed a temporary file vulnerability in the mm shared memory library. This problem can be exploited to gain root access to a machine running Apache which is linked against this library, if shell access to the user
last seen	2020-06-01
modified	2020-06-02
plugin id	14974
published	2004-09-29
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14974
title	Debian DSA-137-1 : mm - insecure temporary files

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_27477.NASL
description	s700_800 11.04 Virtualvault 4.5 Inside Admin Server Update : The remote HP-UX host is affected by multiple vulnerabilities : - Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. - A potential remotely exploitable vulnerability in handling of large data chunks in Apache-based web servers. (HPSBUX00197 SSRT2332)
last seen	2020-06-01
modified	2020-06-02
plugin id	16807
published	2005-02-16
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16807
title	HP-UX PHSS_27477 : s700_800 11.04 Virtualvault 4.5 Inside Admin Server Update

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2002-154.NASL
description	Updated mm packages are now available for Red Hat Linux Advanced Server. This update addresses possible vulnerabilities in how the MM library opens temporary files. The MM library provides an abstraction layer which allows related processes to easily share data. On systems where shared memory or other inter-process communication mechanisms are not available, the MM library will emulate them using temporary files. MM is used in Red Hat Linux to providing shared memory pools to Apache modules. Versions of MM up to and including 1.1.3 open temporary files in an unsafe manner, allowing a malicious local user to cause an application which uses MM to overwrite any file to which it has write access. All users are advised to upgrade to these errata packages which contain a patched version of MM that is not vulnerable to this issue. Thanks to Marcus Meissner for providing a patch for this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	12314
published	2004-07-06
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/12314
title	RHEL 2.1 : mm (RHSA-2002:154)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2002-045.NASL
description	Marcus Meissner and Sebastian Krahmer discovered a temporary file vulnerability in the mm library which is used by the Apache webserver. This vulnerability can be exploited to obtain root privilege if shell access to the apache user (typically apache or nobody) is already obtained.
last seen	2020-06-01
modified	2020-06-02
plugin id	13948
published	2004-07-31
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13948
title	Mandrake Linux Security Advisory : mm (MDKSA-2002:045)

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_27627.NASL
description	s700_800 11.04 Virtualvault 4.5 inside server support : The remote HP-UX host is affected by multiple vulnerabilities : - Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. - Potential vulnerability in Apache web servers while handling SSL requests.
last seen	2020-06-01
modified	2020-06-02
plugin id	17480
published	2005-03-18
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17480
title	HP-UX PHSS_27627 : s700_800 11.04 Virtualvault 4.5 inside server support

Redhat

advisories

rhsa
id RHSA-2002:153
rhsa
id RHSA-2002:154
rhsa
id RHSA-2002:156
rhsa
id RHSA-2002:163
rhsa
id RHSA-2002:164
rhsa
id RHSA-2003:158

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Redhat

References