Sign-up

ID

VAR-200107-0174


CVE

CVE-2001-0384


TITLE

Siemens Reliant Unix ppd -T Competitive condition loophole

Trust: 0.6

sources: CNNVD: CNNVD-200107-010

DESCRIPTION

ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file. Reliant Unix is a variant of the UNIX Operating System distributed by Fujitsu-Siemens. Reliant Unix is a scalable UNIX Operating system designed for use on Siemens servers. A problem in the operating system could make it possible for a user to deny service to legitimate users. Due to the improper checking of file creation rights by the ppd software package included with the operating system, it is possible for a user to create a symbolic link in /tmp with the name ppd.trace, and overwrite any file on the system. This vulnerability makes it possible for a local user to overwrite sensitive system files, potentially denying service to legitimate users, and possibly gaining elevated privileges. There is a vulnerability in Reliant Sinix's ppd

Trust: 1.26

sources: NVD: CVE-2001-0384 // BID: 2606 // VULHUB: VHN-3203

AFFECTED PRODUCTS

vendor:siemensmodel:reliant unixscope:lteversion:5.45

Trust: 1.0

vendor:siemensmodel:reliant unixscope:eqversion:5.45

Trust: 0.9

vendor:siemensmodel:reliant unixscope:eqversion:5.44

Trust: 0.3

vendor:siemensmodel:reliant unixscope:eqversion:5.43

Trust: 0.3

sources: BID: 2606 // CNNVD: CNNVD-200107-010 // NVD: CVE-2001-0384

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0384
value: LOW

Trust: 1.0

CNNVD: CNNVD-200107-010
value: LOW

Trust: 0.6

VULHUB: VHN-3203
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2001-0384
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3203
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-3203 // CNNVD: CNNVD-200107-010 // NVD: CVE-2001-0384

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0384

THREAT TYPE

local

Trust: 0.9

sources: BID: 2606 // CNNVD: CNNVD-200107-010

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200107-010

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-3203

EXTERNAL IDS
db:NVDid:CVE-2001-0384
Trust: 2.0
db:BIDid:2606
Trust: 2.0
db:CNNVDid:CNNVD-200107-010
Trust: 0.7
db:BUGTRAQid:20010414 RE: RELIANT UNIX 5.43 / 5.44 ICMP PORT UNREACHABLE PROBLEM
Trust: 0.6
db:SEEBUGid:SSVID-74627
Trust: 0.1
db:EXPLOIT-DBid:20769
Trust: 0.1
db:VULHUBid:VHN-3203
Trust: 0.1
sources:
            
            
            VULHUB: VHN-3203 // 
            
            
            
            BID: 2606 // 
            
            
            
            CNNVD: CNNVD-200107-010 // 
            
            
            
            NVD: CVE-2001-0384

REFERENCES
url:http://www.securityfocus.com/bid/2606
Trust: 1.7
url:http://www.securityfocus.com/archive/1/176709
Trust: 1.7
sources:
            
            
            VULHUB: VHN-3203 // 
            
            
            
            CNNVD: CNNVD-200107-010 // 
            
            
            
            NVD: CVE-2001-0384

CREDITS
This vulnerability was announced to Bugtraq by Pablo Ruiz Garcia <pruiz@ip6seguridad.com> on April 14, 2001.
Trust: 0.9
sources:
            
            
            BID: 2606 // 
            
            
            
            CNNVD: CNNVD-200107-010

SOURCES
db:VULHUBid:VHN-3203
db:BIDid:2606
db:CNNVDid:CNNVD-200107-010
db:NVDid:CVE-2001-0384

LAST UPDATE DATE
2024-08-14T14:00:58.576000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-3203date:2008-09-05T00:00:00
db:BIDid:2606date:2009-07-11T06:06:00
db:CNNVDid:CNNVD-200107-010date:2005-10-20T00:00:00
db:NVDid:CVE-2001-0384date:2008-09-05T20:23:58.303

SOURCES RELEASE DATE
db:VULHUBid:VHN-3203date:2001-07-02T00:00:00
db:BIDid:2606date:2001-04-14T00:00:00
db:CNNVDid:CNNVD-200107-010date:2001-07-02T00:00:00
db:NVDid:CVE-2001-0384date:2001-07-02T04:00:00