CVE-2001-1494 Information

Description

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system then having root execute the script command.

Reference

http://seclists.org/bugtraq/2001/Dec/0122.html http://seclists.org/bugtraq/2001/Dec/0123.html http://secunia.com/advisories/16785 http://secunia.com/advisories/18502 http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm http://www.redhat.com/support/errata/RHSA-2005-782.html http://www.securityfocus.com/bid/16280 https://exchange.xforce.ibmcloud.com/vulnerabilities/7718 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10723