Vulnerability Description
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tarantella | Tarantella Enterprise | 3.3.0 |
References
- http://marc.info/?l=bugtraq&m=101208650722179&w=2
- http://online.securityfocus.com/archive/1/265845Exploit
- http://www.iss.net/security_center/static/7996.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/3966
- http://www.tarantella.com/security/bulletin-04.htmlPatchVendor AdvisoryURL Repurposed
- http://marc.info/?l=bugtraq&m=101208650722179&w=2
- http://online.securityfocus.com/archive/1/265845Exploit
- http://www.iss.net/security_center/static/7996.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/3966
- http://www.tarantella.com/security/bulletin-04.htmlPatchVendor AdvisoryURL Repurposed
FAQ
What is CVE-2002-0211?
CVE-2002-0211 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execu...
How severe is CVE-2002-0211?
CVE-2002-0211 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0211?
Check the references section above for vendor advisories and patch information. Affected products include: Tarantella Tarantella Enterprise.