CVE-2002-0169

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://online.securityfocus.com/advisories/4095
http://www.iss.net/security_center/static/8983.php
http://www.osvdb.org/5349
http://www.redhat.com/support/errata/RHSA-2002-062.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/4654

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:docbook_stylesheets:1.54.13:::::::*
	cpe:2.3:a:redhat:docbook_utils:0.6.9-2:::::::*
	cpe:2.3:a:redhat:docbook_utils:0.6.13:::::::*

History

No history.

Information

Published : 2002-05-29 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2002-0169

Mitre link : CVE-2002-0169

CVE.ORG link : CVE-2002-0169

JSON object : View

Products Affected

redhat

docbook_stylesheets
docbook_utils

CWE

NVD-CWE-Other

{"id": "CVE-2002-0169", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-05-29T04:00:00.000", "references": [{"url": "http://online.securityfocus.com/advisories/4095", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8983.php", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/5349", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-062.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4654", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier."}, {"lang": "es", "value": "La hoja de estilo por defecto de DocBook en RedHat Linux 6.2 a 7.2 se instala con una opci\u00f3n insegura activada, lo que podr\u00eda permitir a usuarios sobreescribir ficheros fuera del directorio actual desde un documento no de confianza, usando una ruta larga como elemento identificador."}], "lastModified": "2008-09-11T00:00:37.993", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:docbook_stylesheets:1.54.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FB39657-9421-419D-9F23-7719CD834D78"}, {"criteria": "cpe:2.3:a:redhat:docbook_utils:0.6.9-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4966560B-32E1-416E-8A56-53D4A9991155"}, {"criteria": "cpe:2.3:a:redhat:docbook_utils:0.6.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAAC8103-B804-4520-8AF8-67A333E50497"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}