CVE-2002-2382
CVSup 1.2 - Arbitrary File Write via Symlink Attack on /var/tmp/cvsupd.out
Title source: llmDescription
cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.
References (3)
Core 3
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6150
Third Party Advisory mailing-list
x_refsource_mlist
http://archives.neohapsis.com/archives/freebsd/2002-11/0011.html
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10610.php
Scores
EPSS
0.0031
EPSS Percentile
22.6%
Details
CWE
CWE-59
Status
published
Products (1)
cvsup/cvsup
1.2
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026