|
|
| CVE-ID | ||
|---|---|---|
CVE-2000-0151 |
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
|
|
| Description | ||
| GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. | ||
| References | ||
| Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | ||
|
||
| Assigning CNA | ||
| MITRE Corporation | ||
| Date Record Created | ||
| 20000216 | Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. | |
| Phase (Legacy) | ||
| Proposed (20000216) | ||
| Votes (Legacy) | ||
| ACCEPT(3) Bishop, Blake, Levy MODIFY(1) Frech NOOP(3) Baker, Cole, LeBlanc REJECT(1) Christey |
||
| Comments (Legacy) | ||
Frech> XF:gnu-makefile-tmp-root (We have made assignment to two CANs. Requesting confirmation that this is not a duplicate of CVE-2000-0092: The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.) Christey> To confirm Andre's question, this is being treated as different from CVE-2000-0092, based largely on the fact that the exploit is different. I believe there was another reason for keeping these distinct, but that "deeper analysis" was not recorded :-( While it's possible that this is the same bug from some common version of make, in the absence of other information we should probably keep these two split. CHANGE> [Christey changed vote from NOOP to REVIEWING] CHANGE> [Christey changed vote from REVIEWING to REJECT] Christey> Taking a fresh look at the diff's for FreeBSD make: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc And Debian make: http://security.debian.org/dists/slink/updates/source/make_3.77-5slink.diff.gz OK... now that I've hurt my brain looking at the code, while there are major differences in the surrounding code, ultimately both FreeBSD and Debian create an "outfile" file descriptor for the temporary file, within main() in main.c. In addition, child_execute_job() in job.c uses an outfile variable - for both sources. Perhaps FreeBSD reported the -j problem without seeing that it could come in from stdin as well, and/or Debian/etc. didn't realize that it was exploitable from job control, or maybe a combination of the two. Regardless, the two problems are the same. Phew! There goes a half-hour of my life that I'll never be able to get back... |
||
| Proposed (Legacy) | ||
| 20000216 | ||
| This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. | ||
|
You can also search by reference using the CVE Reference Maps.
|
||
| For More Information: CVE Request Web Form (select "Other" from dropdown) | ||