Vulnerabilities > CVE-2002-0658 - Privilege Escalation vulnerability in MM Shared Memory Library Temporary File
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 17 |
Exploit-Db
| description | MM 1.0.x/1.1.x Shared Memory Library Temporary File Privilege Escalation Vulnerability. CVE-2002-0658. Local exploit for linux platform |
| id | EDB-ID:21667 |
| last seen | 2016-02-02 |
| modified | 2002-07-29 |
| published | 2002-07-29 |
| reporter | Sebastian Krahmer |
| source | https://www.exploit-db.com/download/21667/ |
| title | MM 1.0.x/1.1.x - Shared Memory Library Temporary File Privilege Escalation Vulnerability |
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_27263.NASL description s700_800 11.04 Virtualvault 4.6 OpenSSH Update : Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. last seen 2020-06-01 modified 2020-06-02 plugin id 16849 published 2005-02-16 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16849 title HP-UX PHSS_27263 : HPSBUX0209-217 Sec. Vulnerability in Apache OpenSSL (rev.2) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_27656.NASL description s700_800 11.04 Webproxy server 2.0 update : Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. last seen 2020-06-01 modified 2020-06-02 plugin id 17484 published 2005-03-18 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17484 title HP-UX PHSS_27656 : HPSBUX0209-217 Sec. Vulnerability in Apache OpenSSL (rev.2) NASL family Slackware Local Security Checks NASL id SLACKWARE_18706.NASL description Several security updates are now available for Slackware 8.1, including updated packages for Apache, glibc, mod_ssl, openssh, openssl, and php. last seen 2016-09-26 modified 2013-01-25 plugin id 18706 published 2005-07-13 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=18706 title SSA-18706 Security updates for Slackware 8.1 NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_27423.NASL description s700_800 11.04 Virtualvault 4.6 Inside Server Update : The remote HP-UX host is affected by multiple vulnerabilities : - Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. - A potential remotely exploitable vulnerability in handling of large data chunks in Apache-based web servers. (HPSBUX00197 SSRT2332) last seen 2020-06-01 modified 2020-06-02 plugin id 17477 published 2005-03-18 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17477 title HP-UX PHSS_27423 : s700_800 11.04 Virtualvault 4.6 Inside Server Update NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_27476.NASL description s700_800 11.04 Virtualvault 4.6 inside server support : The remote HP-UX host is affected by multiple vulnerabilities : - Potential vulnerability in Apache web servers while handling SSL requests. - Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. last seen 2020-06-01 modified 2020-06-02 plugin id 16808 published 2005-02-16 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16808 title HP-UX PHSS_27476 : s700_800 11.04 Virtualvault 4.6 inside server support NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_27655.NASL description s700_800 11.04 HP Praesidium Webproxy 1.0 server update : Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. last seen 2020-06-01 modified 2020-06-02 plugin id 17483 published 2005-03-18 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17483 title HP-UX PHSS_27655 : HPSBUX0209-217 Sec. Vulnerability in Apache OpenSSL (rev.2) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_27637.NASL description s700_800 11.04 Virtualvault 4.6 TGP IP Aliasing fix : Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. last seen 2020-06-01 modified 2020-06-02 plugin id 17481 published 2005-03-18 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17481 title HP-UX PHSS_27637 : HPSBUX0209-217 Sec. Vulnerability in Apache OpenSSL (rev.2) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-137.NASL description Marcus Meissner and Sebastian Krahmer discovered and fixed a temporary file vulnerability in the mm shared memory library. This problem can be exploited to gain root access to a machine running Apache which is linked against this library, if shell access to the user last seen 2020-06-01 modified 2020-06-02 plugin id 14974 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14974 title Debian DSA-137-1 : mm - insecure temporary files NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_27477.NASL description s700_800 11.04 Virtualvault 4.5 Inside Admin Server Update : The remote HP-UX host is affected by multiple vulnerabilities : - Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. - A potential remotely exploitable vulnerability in handling of large data chunks in Apache-based web servers. (HPSBUX00197 SSRT2332) last seen 2020-06-01 modified 2020-06-02 plugin id 16807 published 2005-02-16 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16807 title HP-UX PHSS_27477 : s700_800 11.04 Virtualvault 4.5 Inside Admin Server Update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2002-154.NASL description Updated mm packages are now available for Red Hat Linux Advanced Server. This update addresses possible vulnerabilities in how the MM library opens temporary files. The MM library provides an abstraction layer which allows related processes to easily share data. On systems where shared memory or other inter-process communication mechanisms are not available, the MM library will emulate them using temporary files. MM is used in Red Hat Linux to providing shared memory pools to Apache modules. Versions of MM up to and including 1.1.3 open temporary files in an unsafe manner, allowing a malicious local user to cause an application which uses MM to overwrite any file to which it has write access. All users are advised to upgrade to these errata packages which contain a patched version of MM that is not vulnerable to this issue. Thanks to Marcus Meissner for providing a patch for this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 12314 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12314 title RHEL 2.1 : mm (RHSA-2002:154) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-045.NASL description Marcus Meissner and Sebastian Krahmer discovered a temporary file vulnerability in the mm library which is used by the Apache webserver. This vulnerability can be exploited to obtain root privilege if shell access to the apache user (typically apache or nobody) is already obtained. last seen 2020-06-01 modified 2020-06-02 plugin id 13948 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13948 title Mandrake Linux Security Advisory : mm (MDKSA-2002:045) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_27627.NASL description s700_800 11.04 Virtualvault 4.5 inside server support : The remote HP-UX host is affected by multiple vulnerabilities : - Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. - Potential vulnerability in Apache web servers while handling SSL requests. last seen 2020-06-01 modified 2020-06-02 plugin id 17480 published 2005-03-18 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17480 title HP-UX PHSS_27627 : s700_800 11.04 Virtualvault 4.5 inside server support
Redhat
| advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-032.0.txt
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
- http://online.securityfocus.com/advisories/4392
- http://rhn.redhat.com/errata/RHSA-2002-153.html
- http://rhn.redhat.com/errata/RHSA-2002-154.html
- http://rhn.redhat.com/errata/RHSA-2002-156.html
- http://rhn.redhat.com/errata/RHSA-2002-164.html
- http://www.debian.org/security/2002/dsa-137
- http://www.iss.net/security_center/static/9719.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php
- http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.html
- http://www.redhat.com/support/errata/RHSA-2002-163.html
- http://www.redhat.com/support/errata/RHSA-2003-158.html
- http://www.securityfocus.com/bid/5352