Tarantella Enterprise 3符号链接漏洞

漏洞信息详情

Tarantella Enterprise 3符号链接漏洞

• CNNVD编号：CNNVD-200205-149
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2002-0296
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2002-05-31
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  tarantella
• 漏洞来源：
  Discovered by Larr…

Tarantella Enterprise 3版本的安装存在漏洞。本地用户借助\”spinning\”临时文件中的符号链接攻击覆盖任意文件。

The vendor is reportedly aware of the vulnerability and plans to correct it in the next release.
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: XF
名称: tarantella-tmp-spinning-symlink(8223)
链接:http://xforce.iss.net/xforce/xfdb/8223

来源: BID
名称: 4115
链接:http://www.securityfocus.com/bid/4115

来源: BUGTRAQ
名称: 20020219 Another local root vulnerability during installation of Tarantella Enterprise 3.
链接:http://archives.neohapsis.com/archives/bugtraq/2002-02/0187.html

来源: BUGTRAQ
名称: 20020224 Exploit for Tarantella Enterprise installation (bid 4115)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101467193803592&w=2