CVE-2000-1134 | Vulnerability Database | Aqua Security

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing « redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

Affected Software

Name	Vendor	Start Version	End Version
Immunix	Immunix	6.2 (including)	6.2 (including)
Linux	Conectiva	4.0 (including)	4.0 (including)
Linux	Conectiva	4.0es (including)	4.0es (including)
Linux	Conectiva	4.1 (including)	4.1 (including)
Linux	Conectiva	4.2 (including)	4.2 (including)
Linux	Conectiva	5.0 (including)	5.0 (including)
Linux	Conectiva	5.1 (including)	5.1 (including)
Red Hat Linux 5.2	RedHat		*
Red Hat Linux 6.0	RedHat		*
Red Hat Linux 6.1	RedHat		*
Red Hat Linux 6.2	RedHat		*
Red Hat Linux 7.0	RedHat		*
Red Hat Linux 7.0j	RedHat		*

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc
ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P
http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html
http://archives.neohapsis.com/archives/tru64/2002-q1/0009.html
http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000350
http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000354
http://marc.info/?l=bugtraq\u0026m=97561816504170\u0026w=2
http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt
http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt
http://www.debian.org/security/2000/20001111a
http://www.kb.cert.org/vuls/id/10277
http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3
http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3
http://www.redhat.com/support/errata/RHSA-2000-117.html
http://www.redhat.com/support/errata/RHSA-2000-121.html
http://www.securityfocus.com/archive/1/146657
http://www.securityfocus.com/bid/1926
http://www.securityfocus.com/bid/2006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4047
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc
ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P
http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html
http://archives.neohapsis.com/archives/tru64/2002-q1/0009.html
http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000350
http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000354
http://marc.info/?l=bugtraq\u0026m=97561816504170\u0026w=2
http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt
http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt
http://www.debian.org/security/2000/20001111a
http://www.kb.cert.org/vuls/id/10277
http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3
http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3
http://www.redhat.com/support/errata/RHSA-2000-117.html
http://www.redhat.com/support/errata/RHSA-2000-121.html
http://www.securityfocus.com/archive/1/146657
http://www.securityfocus.com/bid/1926
http://www.securityfocus.com/bid/2006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4047

NVD	https://nvd.nist.gov/vuln/detail/CVE-2000-1134
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html