Strix
26.1K

CVE-2000-1134

UnknownEPSS 1.42%

Last modified

CVE-2000-1134 is a vulnerability of currently unknown severity. Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.. EPSS estimates a 1.42% chance of exploitation in the next 30 days.

Description

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

Metrics

EPSS Probability
1.42%

69.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
ImmunixImmunix6.2
ConectivaLinux4.0
ConectivaLinux4.0es
ConectivaLinux4.1
ConectivaLinux4.2
ConectivaLinux5.0
ConectivaLinux5.1
CalderaOpenlinuxAll versions
CalderaOpenlinux Edesktop2.4
CalderaOpenlinux Eserver2.3
HpHp-Ux11.11
MandrakesoftMandrake Linux6.0
MandrakesoftMandrake Linux6.1
MandrakesoftMandrake Linux7.0
MandrakesoftMandrake Linux7.1
MandrakesoftMandrake Linux7.2
RedhatLinux5.2
RedhatLinux6.0
RedhatLinux6.1
RedhatLinux6.2
RedhatLinux6.2e
SuseSuse Linux7.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2000-1134?
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
How severe is CVE-2000-1134?
Severity scoring for CVE-2000-1134 is pending analysis. The EPSS model estimates a 1.42% probability of exploitation in the next 30 days.
How do I fix CVE-2000-1134?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2000-1134?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST