Vulnerability Description
cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cvsup | Cvsup | 1.2 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/freebsd/2002-11/0011.html
- http://www.iss.net/security_center/static/10610.php
- http://www.securityfocus.com/bid/6150Patch
- http://archives.neohapsis.com/archives/freebsd/2002-11/0011.html
- http://www.iss.net/security_center/static/10610.php
- http://www.securityfocus.com/bid/6150Patch
FAQ
What is CVE-2002-2382?
CVE-2002-2382 is a vulnerability with a CVSS score of 7.2 (HIGH). cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.
How severe is CVE-2002-2382?
CVE-2002-2382 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2382?
Check the references section above for vendor advisories and patch information. Affected products include: Cvsup Cvsup.