CVE-2002-0211
Tarantella Enterprise 3 - gunzip Race Condition
Severity Score
6.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
La condición de carrera en el script de instalación de Tarantella Enterprise 3 versiones 3.01 a 3.20 crea un programa temporal ""gunzip"" con permiso de escritura para todos los usuarios antes de ejecutarlo, lo cual podría permitir a usuarios locales la ejecución de comandos arbitrarios modificando el programa antes de que sea ejecutado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-02-08 First Exploit
- 2002-05-01 CVE Reserved
- 2002-05-16 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101208650722179&w=2 | Mailing List | |
| http://www.securityfocus.com/bid/3966 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/21244 | 2002-02-08 | |
| http://online.securityfocus.com/archive/1/265845 | 2024-08-08 |
| URL | Date | SRC |
|---|---|---|
| http://www.iss.net/security_center/static/7996.php | 2024-02-14 | |
| http://www.tarantella.com/security/bulletin-04.html | 2024-02-14 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tarantella Search vendor "Tarantella" | Tarantella Enterprise Search vendor "Tarantella" for product "Tarantella Enterprise" | 3.3.0 Search vendor "Tarantella" for product "Tarantella Enterprise" and version "3.3.0" | - |
Affected
| ||||||
| Tarantella Search vendor "Tarantella" | Tarantella Enterprise Search vendor "Tarantella" for product "Tarantella Enterprise" | 3.3.0.1 Search vendor "Tarantella" for product "Tarantella Enterprise" and version "3.3.0.1" | - |
Affected
| ||||||
| Tarantella Search vendor "Tarantella" | Tarantella Enterprise Search vendor "Tarantella" for product "Tarantella Enterprise" | 3.3.10 Search vendor "Tarantella" for product "Tarantella Enterprise" and version "3.3.10" | - |
Affected
| ||||||
| Tarantella Search vendor "Tarantella" | Tarantella Enterprise Search vendor "Tarantella" for product "Tarantella Enterprise" | 3.3.11 Search vendor "Tarantella" for product "Tarantella Enterprise" and version "3.3.11" | - |
Affected
| ||||||
| Tarantella Search vendor "Tarantella" | Tarantella Enterprise Search vendor "Tarantella" for product "Tarantella Enterprise" | 3.3.20 Search vendor "Tarantella" for product "Tarantella Enterprise" and version "3.3.20" | - |
Affected
| ||||||