Vulnerability Description
The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Judd Montgomery | Jpilot | All versions |
References
- http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-081.php3Patch
- http://www.securityfocus.com/templates/archive.pike?mid=150957&end=2001-02-03&frVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5762
- http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-081.php3Patch
- http://www.securityfocus.com/templates/archive.pike?mid=150957&end=2001-02-03&frVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5762
FAQ
What is CVE-2001-0067?
CVE-2001-0067 is a vulnerability with a CVSS score of 2.1 (LOW). The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.
How severe is CVE-2001-0067?
CVE-2001-0067 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0067?
Check the references section above for vendor advisories and patch information. Affected products include: Judd Montgomery Jpilot.