Directory Traversal Vulnerability in FreeBSD, NetBSD, and OpenBSD
CVE-2001-1145

Currently unrated

Key Information:

Vendor: OpenBSD
Status: OpenBSD; Netbsd; FreeBSD
Vendor: CVE Published:; 17 August 2001

What is CVE-2001-1145?

The vulnerability in fts routines within FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can lead to unintentional directory access. When the parent directory is moved, these routines may inadvertently change the working directory to a potentially malicious location. This behavior can result in scripts executing in unintended directories, leading to harmful consequences such as data exposure or unauthorized actions.

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD...

vendor-advisoryx_refsource_FREEBSD

http://www.osvdb.org/5466

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/3205

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Mar 15, 2002
Vulnerability published
Aug 17, 2001