CVE-2001-0138

Description

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

Affected products

• Debian / debian_linux2.2 – 2.2
• Debian / debian_linux2.2 – 2.2
• Debian / debian_linux2.2 – 2.2
• Debian / debian_linux2.2 – 2.2
• Debian / debian_linux2.2 – 2.2
• Debian / debian_linux2.2 – 2.2
• immunix / immunix7.0_beta – 7.0_beta
• mandrakesoft / mandrake_linux6.0 – 6.0
• mandrakesoft / mandrake_linux6.1 – 6.1
• mandrakesoft / mandrake_linux7.0 – 7.0
• mandrakesoft / mandrake_linux7.1 – 7.1
• mandrakesoft / mandrake_linux7.2 – 7.2
• mandrakesoft / mandrake_linux_corporate_server1.0.1 – 1.0.1
• RedHat / linux7.0 – 7.0

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=97916374410647&w=2
• MISChttp://www.securityfocus.com/bid/2189
• MISChttp://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/5915
• VENDOR_ADVISORYhttp://www.debian.org/security/2001/dsa-016