Vulnerability Description
The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gert Doering | Mgetty | 1.1.19 |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0329.htmlExploitVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0330.html
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-029.0.txtPatchVendor Advisory
- http://www.securityfocus.com/bid/1612ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0329.htmlExploitVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0330.html
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-029.0.txtPatchVendor Advisory
- http://www.securityfocus.com/bid/1612ExploitPatchVendor Advisory
FAQ
What is CVE-2000-0691?
CVE-2000-0691 is a vulnerability with a CVSS score of 2.1 (LOW). The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the targ...
How severe is CVE-2000-0691?
CVE-2000-0691 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0691?
Check the references section above for vendor advisories and patch information. Affected products include: Gert Doering Mgetty.