CVE-ID | ||
---|---|---|
CVE-2000-1134 |
Description | ||
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. | ||
References | ||
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | ||
Assigning CNA | ||
MITRE Corporation | ||
Date Record Created | ||
20001214 | Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. | |
Phase (Legacy) | ||
Modified (20061101) | ||
Votes (Legacy) | ||
ACCEPT(2) Baker, Cole; MODIFY(1) Frech; NOOP(1) Wall; REVIEWING(1) Christey |
Comments (Legacy) | ||
Frech> XF:linux-bash-tmp-symlink(5593)
Christey> Don't all these shell programs originate from the same codebase, including ksh? If so, we should have a single CAN for all of these, and add:
XF:ksh-redirection-symlink URL:http://xforce.iss.net/static/5811.php
CONECTIVA:CLA-2000:354
BUGTRAQ:20001208 Immunix OS Security update for tcsh http://archives.neohapsis.com/archives/linux/immunix/2000-q4/0041.html
BUGTRAQ:20001220 /bin/ksh creates insecure tmp files http://archives.neohapsis.com/archives/bugtraq/2000-12/0368.html
BUGTRAQ:20001227 IBM Findings: Korn Shell Redirection Race Condition Vulnerability http://archives.neohapsis.com/archives/bugtraq/2000-12/0473.html
Also see: http://archives.neohapsis.com/archives/bugtraq/2000-12/0420.html which gives some shell history which may be of use.
Christey> ADDREF FREEBSD:FreeBSD-SA-01:03 for the bash problem.
Christey> Consider adding BID:2148 if this CAN should include ksh
Christey> SGI:20011103-01-I URL:ftp://patches.sgi.com/support/free/security/advisories/20011103-01-I Also, DELREF BID:2148 and BID:1926. Keep BID:2006
Christey> COMPAQ:SSRT1-41U URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0742U-59U.shtml CERT-VN:VU#10277 URL:http://www.kb.cert.org/vuls/id/10277
Christey> SGI:20011103-02-P URL:ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P Note that this is an update of the other SGI reference.
Christey> CALDERA:CSSA-2001-SCO.24 URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24.1/CSSA-2001-SCO.24.1.txt CERT-VN:VU#10277 URL:http://www.kb.cert.org/vuls/id/10277
Christey> Missing BID - BID:1926
Christey> HP:SSRT3618 URL:http://archives.neohapsis.com/archives/hp/2003-q3/0042.html |
Proposed (Legacy) | ||
20001219 | ||
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. | ||