CVE-2002-0211

Tarantella Enterprise <3.20 - Code Injection

Title source: llm

Description

Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Larry Cashdollar · perllocalunix

https://www.exploit-db.com/exploits/21244

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/3966

[Mailing List] http://marc.info/?l=bugtraq&m=101208650722179&w=2

[Exploit] http://online.securityfocus.com/archive/1/265845

[Patch, Vendor Advisory, URL Repurposed] http://www.tarantella.com/security/bulletin-04.html

[Patch, Vendor Advisory] http://www.iss.net/security_center/static/7996.php

Scores

EPSS 0.0032

EPSS Percentile 54.6%

Details

Status published

Products (5)

tarantella/tarantella_enterprise 3.3.0

tarantella/tarantella_enterprise 3.3.0.1

tarantella/tarantella_enterprise 3.3.10

tarantella/tarantella_enterprise 3.3.11

tarantella/tarantella_enterprise 3.3.20

Published May 16, 2002

Tracked Since Feb 18, 2026