CVE-2001-0416 — Sgml-tools vulnerability

5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 73.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Sgml-tools Immunix Mandrakesoft Mandrake Linux

Timeline

PublishedJun 27

Latest updateApr 30

Description

sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDdebian/sgml-tools1.0.9.15

▶NVDimmunix/immunix6.2, 7.0, 7.0_beta+2

▶NVDmandrakesoft/mandrake_linux4 versions+3

Patches

Patch: distro.conectiva.com.br ↗Patch: www.linux-mandrake.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-jrxx-vxgm-j5r5: sgml-tools (aka sgmltools) before 1↗2022-04-30

▶

CVEList

CVE-2001-0416: sgml-tools (aka sgmltools) before 1↗2002-03-09

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-03-08

▶

💬Community

Bugzilla

CVE-2001-0416 security flaw↗2018-08-16

▶