CVE-ID

CVE-2000-0715

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
N/A
Date Entry Created
20000919 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20080226)
Votes (Legacy)
ACCEPT(3) Baker, Levy, Williams
MODIFY(2) Christey, Cox
NOOP(2) Cole, Wall
Comments (Legacy)
 Christey> XF:diskcheck-tmp-race-condition
   http://xforce.iss.net/static/5061.php
 Christey> ADDREF REDHAT:RHSA-2000:122-04 ?
   The advisory addresses some diskcheck symlink vulnerability,
   but the initial announcement was 4 months before the advisory
   was released; however, the DiskCheck versions seem to
   correspond.
 Christey> See various Bugtraq posts relating to this, and verify if the
   Conectiva/Red Hat/etc. advisories are really addressing this
   particular problem.
   e.g.: BUGTRAQ:20000622 Re: rh 6.2 - gid compromises, etc [+ MORE!!!]
   http://marc.theaimsgroup.com/?l=bugtraq&m=96172022819526&w=2
   BUGTRAQ:20000810 CONECTIVA LINUX SECURITY ANNOUNCEMENT - diskcheck
   http://marc.theaimsgroup.com/?l=bugtraq&m=96604843017702&w=2
   REDHAT:RHSA-2000:122-06
   http://marc.theaimsgroup.com/?l=bugtraq&m=97649229201967&w=2
   BID:2050
   URL:http://www.securityfocus.com/bid/2050
 Christey> The following RedHat advisory appears to identify the same
   problem as one that was posted to Bugtraq on August 8, 2000:
   REDHAT:RHSA-2000:122-06
   http://www.redhat.com/support/errata/powertools/RHSA-2000-122.html
   
   See the following BugID, as referenced in the advisory:
   http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11724
   So, add:
   BID:2050
   URL:http://www.securityfocus.com/bid/2050
   XF:linux-diskcheck-race-symlink
   URL:http://xforce.iss.net/static/5624.php
   
   [note the apparent BID duplicates, however]
 CHANGE> [Christey changed vote from NOOP to MODIFY]
 Christey> Missing BID - BID:1552
 Cox> ADDREF REDHAT:RHSA-2000:122

Proposed (Legacy)
20000921
This is an entry on the CVE list, which standardizes names for security problems.