CVE-2001-1494 — MEDIUM (5.5)

Q: How severe is CVE-2001-1494?

CVE-2001-1494 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2001-1494?

Check the references section above for vendor advisories and patch information. Affected products include: Kernel Util-Linux, Avaya Cvlan, Avaya Integrated Management Suit, Avaya Interactive Response, Avaya Intuity Lx.

Vulnerability Description

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Kernel	Util-Linux	< 2.11n
Avaya	Cvlan	All versions
Avaya	Integrated Management Suit	All versions
Avaya	Interactive Response	All versions
Avaya	Intuity Lx	All versions
Avaya	Message Networking	All versions
Avaya	Messaging Storage Server	All versions

Related Weaknesses (CWE)

CWE-59

References

http://seclists.org/bugtraq/2001/Dec/0122.htmlMailing ListThird Party Advisory
http://seclists.org/bugtraq/2001/Dec/0123.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/16785Broken Link
http://secunia.com/advisories/18502Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-014.htmThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2005-782.htmlBroken LinkVendor Advisory
http://www.securityfocus.com/bid/16280Broken LinkThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/7718Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
http://seclists.org/bugtraq/2001/Dec/0122.htmlMailing ListThird Party Advisory
http://seclists.org/bugtraq/2001/Dec/0123.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/16785Broken Link
http://secunia.com/advisories/18502Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-014.htmThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2005-782.htmlBroken LinkVendor Advisory

FAQ

What is CVE-2001-1494?

CVE-2001-1494 is a vulnerability with a CVSS score of 5.5 (MEDIUM). script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root exe...

How severe is CVE-2001-1494?

CVE-2001-1494 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2001-1494?

Check the references section above for vendor advisories and patch information. Affected products include: Kernel Util-Linux, Avaya Cvlan, Avaya Integrated Management Suit, Avaya Interactive Response, Avaya Intuity Lx.