CVE-ID

CVE-2000-1134

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20001214 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20061101)
Votes (Legacy)
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
REVIEWING(1) Christey
Comments (Legacy)
 Frech> XF:linux-bash-tmp-symlink(5593)
 Christey> Don't all these shell programs originate from the same
   codebase, including ksh?  If so, we should have a single CAN
   for all of these, and add:
   XF:ksh-redirection-symlink
   URL:http://xforce.iss.net/static/5811.php
   CONECTIVA:CLA-2000:354
   BUGTRAQ:20001208 Immunix OS Security update for tcsh
   http://archives.neohapsis.com/archives/linux/immunix/2000-q4/0041.html
   BUGTRAQ:20001220 /bin/ksh creates insecure tmp files
   http://archives.neohapsis.com/archives/bugtraq/2000-12/0368.html
   BUGTRAQ:20001227 IBM Findings: Korn Shell Redirection Race Condition Vulnerability
   http://archives.neohapsis.com/archives/bugtraq/2000-12/0473.html
   
   Also see: http://archives.neohapsis.com/archives/bugtraq/2000-12/0420.html
   which gives some shell history which may be of use.
 Christey> ADDREF FREEBSD:FreeBSD-SA-01:03 for the bash problem.
 Christey> Consider adding BID:2148 if this CAN should include ksh
 Christey> SGI:20011103-01-I
   URL:ftp://patches.sgi.com/support/free/security/advisories/20011103-01-I
   Also, DELREF BID:2148 and BID:1926.  Keep BID:2006
 Christey> COMPAQ:SSRT1-41U
   URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0742U-59U.shtml
   CERT-VN:VU#10277
   URL:http://www.kb.cert.org/vuls/id/10277
 Christey> SGI:20011103-02-P
   URL:ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P
   Note that this is an update of the other SGI reference.
 Christey> CALDERA:CSSA-2001-SCO.24
   URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24.1/CSSA-2001-SCO.24.1.txt
   CERT-VN:VU#10277
   URL:http://www.kb.cert.org/vuls/id/10277
 Christey> Missing BID - BID:1926
 Christey> HP:SSRT3618
   URL:http://archives.neohapsis.com/archives/hp/2003-q3/0042.html

Proposed (Legacy)
20001219
This is an entry on the CVE list, which standardizes names for security problems.