Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0736

6 documents6 sources

Severity

2.1LOW

EPSS

0.2%

top 61.16%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

University OF Washington Pine Engardelinux Secure Linux Immunix Immunix +3 more

Timeline

PublishedOct 18

Latest updateApr 30

Description

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages6 packages

▶NVDuniversity_of_washington/pine4.33

▶NVDredhat/linux5.2, 6.2, 7.0+2

▶NVDimmunix/immunix6.2, 7.0, 7.0_beta+2

▶NVDengardelinux/secure_linux1.0.1

▶NVDmandrakesoft/mandrake_linux7.1, 7.2, 8.0+2

Patches

Patch: www.linux-mandrake.com ↗Patch: www.redhat.com ↗Patch: www.linux-mandrake.com ↗

🔴Vulnerability Details

GHSA

GHSA-xqxf-jjq4-grw6: Vulnerability in (1) pine before 4↗2022-04-30

▶

CVEList

CVE-2001-0736: Vulnerability in (1) pine before 4↗2001-10-12

▶

💥Exploits & PoCs

Exploit-DB

University of Washington Pico 3.x/4.x - File Overwrite↗2000-12-11

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-03-31

▶

💬Community

Bugzilla

CVE-2001-0736 security flaw↗2018-08-16

▶