CVE-2000-1134
UUCP - File Creation/Overwriting Symlinks
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2000-01-02 First Exploit
- 2000-12-14 CVE Reserved
- 2000-12-19 CVE Published
- 2024-08-08 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html | Mailing List | |
| http://marc.info/?l=bugtraq&m=97561816504170&w=2 | Mailing List | |
| http://www.kb.cert.org/vuls/id/10277 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/146657 | Mailing List | |
| http://www.securityfocus.com/bid/1926 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4047 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/217 | 2000-12-04 | |
| https://www.exploit-db.com/exploits/20436 | 2000-01-02 | |
| http://www.securityfocus.com/bid/2006 | 2024-08-08 |
| URL | Date | SRC |
|---|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc | 2017-10-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Immunix Search vendor "Immunix" | Immunix Search vendor "Immunix" for product "Immunix" | 6.2 Search vendor "Immunix" for product "Immunix" and version "6.2" | - |
Affected
| ||||||
| Conectiva Search vendor "Conectiva" | Linux Search vendor "Conectiva" for product "Linux" | 4.0 Search vendor "Conectiva" for product "Linux" and version "4.0" | - |
Affected
| ||||||
| Conectiva Search vendor "Conectiva" | Linux Search vendor "Conectiva" for product "Linux" | 4.0es Search vendor "Conectiva" for product "Linux" and version "4.0es" | - |
Affected
| ||||||
| Conectiva Search vendor "Conectiva" | Linux Search vendor "Conectiva" for product "Linux" | 4.1 Search vendor "Conectiva" for product "Linux" and version "4.1" | - |
Affected
| ||||||
| Conectiva Search vendor "Conectiva" | Linux Search vendor "Conectiva" for product "Linux" | 4.2 Search vendor "Conectiva" for product "Linux" and version "4.2" | - |
Affected
| ||||||
| Conectiva Search vendor "Conectiva" | Linux Search vendor "Conectiva" for product "Linux" | 5.0 Search vendor "Conectiva" for product "Linux" and version "5.0" | - |
Affected
| ||||||
| Conectiva Search vendor "Conectiva" | Linux Search vendor "Conectiva" for product "Linux" | 5.1 Search vendor "Conectiva" for product "Linux" and version "5.1" | - |
Affected
| ||||||
| Caldera Search vendor "Caldera" | Openlinux Search vendor "Caldera" for product "Openlinux" | * | - |
Affected
| ||||||
| Caldera Search vendor "Caldera" | Openlinux Edesktop Search vendor "Caldera" for product "Openlinux Edesktop" | 2.4 Search vendor "Caldera" for product "Openlinux Edesktop" and version "2.4" | - |
Affected
| ||||||
| Caldera Search vendor "Caldera" | Openlinux Eserver Search vendor "Caldera" for product "Openlinux Eserver" | 2.3 Search vendor "Caldera" for product "Openlinux Eserver" and version "2.3" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Hp-ux Search vendor "Hp" for product "Hp-ux" | 11.11 Search vendor "Hp" for product "Hp-ux" and version "11.11" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 6.0 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "6.0" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 6.1 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "6.1" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 7.0 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "7.0" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 7.1 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "7.1" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 7.2 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "7.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 5.2 Search vendor "Redhat" for product "Linux" and version "5.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 6.0 Search vendor "Redhat" for product "Linux" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 6.1 Search vendor "Redhat" for product "Linux" and version "6.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 6.2 Search vendor "Redhat" for product "Linux" and version "6.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 6.2e Search vendor "Redhat" for product "Linux" and version "6.2e" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Search vendor "Suse" for product "Suse Linux" | 7.0 Search vendor "Suse" for product "Suse Linux" and version "7.0" | - |
Affected
| ||||||