CVE-2000-1134

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

Published: 2001-01-09 05:00
Updated: 2017-10-19 01:29

CVSS Score: 7.2 / 10
Vendor | Product | Version | URI
Redhat | Linux | 6.0 | cpe:/o:redhat:linux:6.0
Redhat | Linux | 5.2 | cpe:/o:redhat:linux:5.2
Redhat | Linux | 6.1 | cpe:/o:redhat:linux:6.1
Redhat | Linux | 6.2e | cpe:/o:redhat:linux:6.2e
Redhat | Linux | 6.2 | cpe:/o:redhat:linux:6.2
Hp | Hp-ux | 11.11 | cpe:/o:hp:hp-ux:11.11
Conectiva | Linux | 4.2 | cpe:/o:conectiva:linux:4.2
Conectiva | Linux | 5.1 | cpe:/o:conectiva:linux:5.1
Mandrakesoft | Mandrake Linux | 6.0 | cpe:/o:mandrakesoft:mandrake_linux:6.0
Mandrakesoft | Mandrake Linux | 7.2 | cpe:/o:mandrakesoft:mandrake_linux:7.2
Mandrakesoft | Mandrake Linux | 7.1 | cpe:/o:mandrakesoft:mandrake_linux:7.1
Caldera | Openlinux Eserver | 2.3 | cpe:/o:caldera:openlinux_eserver:2.3
Immunix | Immunix | 6.2 | cpe:/a:immunix:immunix:6.2
Conectiva | Linux | 4.0 | cpe:/o:conectiva:linux:4.0
Conectiva | Linux | 5.0 | cpe:/o:conectiva:linux:5.0
Caldera | Openlinux | | cpe:/o:caldera:openlinux
Conectiva | Linux | 4.0es | cpe:/o:conectiva:linux:4.0es
Conectiva | Linux | 4.1 | cpe:/o:conectiva:linux:4.1
Mandrakesoft | Mandrake Linux | 6.1 | cpe:/o:mandrakesoft:mandrake_linux:6.1
Mandrakesoft | Mandrake Linux | 7.0 | cpe:/o:mandrakesoft:mandrake_linux:7.0
Caldera | Openlinux Edesktop | 2.4 | cpe:/o:caldera:openlinux_edesktop:2.4
Suse | Suse Linux | 7.0 | cpe:/o:suse:suse_linux:7.0

CWE

There is no CWE for this CVE.

History of changes

Date | Event
2001-01-09 05:00 | New CVE