Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0293Path Equivalence: 'file name' (Internal Whitespace) in Linux

CWE-48Path Equivalence: 'file name' (Internal Whitespace)6 documents5 sources
Severity
2.1LOWNVD
EPSS
0.5%
top 34.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Suse Linux
Timeline
PublishedMay 2
Latest updateApr 30

Description

aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDsuse/suse_linux5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-xmpr-c4ff-x7wm: aaa_base in SuSE Linux 62022-04-30
CVEList
CVE-2000-0293: aaa_base in SuSE Linux 62000-04-26

💥Exploits & PoCs

2
Exploit-DB
PalmOS 3/4 - ICMP Flood Remote Denial of Service2003-05-14
Exploit-DB
SuSE Linux 6.x - Arbitrary File Deletion2000-04-21

📐Framework References

1
CWE
Path Equivalence: 'file name' (Internal Whitespace)
CVE-2000-0293 — Suse Linux vulnerability | cvebase