Symlink Vulnerability in GNU ed Affects Multiple Linux Distros
CVE-2000-1137

Currently unrated

Key Information:

Vendor: Gnu
Status: Ed
Vendor: CVE Published:; 9 January 2001

Summary

The vulnerability in GNU ed prior to version 0.2-18.1 allows local attackers to exploit symlink attacks, potentially leading to the unauthorized overwriting of files belonging to other users. This occurs when the vulnerable version does not properly handle symbolic links, giving malicious users the opportunity to create links pointing to sensitive files. As a result, any user with access to the vulnerable ed command can compromise the integrity of files across the system.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...

vendor-advisoryx_refsource_CONECTIVA

https://exchange.xforce.ibmcloud.com/vulnerabilities/5723

vdb-entryx_refsource_XF

http://www.osvdb.org/6491

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jan 9, 2001
Vulnerability Reserved
Dec 14, 2000