Severity
1.2 LOW (NVD)
EPSS
0.1%
top 64.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 31
Latest update: Apr 30

Description

jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

CVSS vector

AV:L/AC:H/C:N/I:P/A:N
Exploitability: 1.9 | Impact: 2.9

Affected Packages: 2 packages

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-x5v5-9fj9-665w: jmcce 1 (2022-04-30)
CVEList
CVE-2002-2001: jmcce 1 (2005-07-14)

💥 Exploits & PoCs

14
Exploit-DB
Fully Modded phpBB - 'kb.php' SQL Injection (2008-03-12)
Exploit-DB
HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation (2002-12-11)
Exploit-DB
Monkey HTTP Server 0.4/0.5 - Invalid POST Denial of Service (2002-11-02)
Exploit-DB
vBulletin 2.0.3 - 'calendar.php' Command Execution (2002-09-27)
Exploit-DB
Squid 2.4.1 - Remote Buffer Overflow (2002-05-14)

📋 Vendor Advisories

2
Red Hat
security flaw (2002-09-30)
Red Hat
security flaw (2002-05-10)

📐 Framework References

5
CWE
Improper Handling of Undefined Parameters
CWE
Path Equivalence: 'filename/' (Trailing Slash)
CWE
Improper Preservation of Permissions
CWE
Authentication Bypass by Primary Weakness
CWE
The UI Performs the Wrong Action

💬 Community

3
Bugzilla
CVE-2002-0379 security flaw (2018-08-16)
Bugzilla
CVE-2002-0399 security flaw (2018-08-16)
Bugzilla
tcpdump problem with bgp decoding (2003-01-29)
CVE-2002-2001 — Jmcce vulnerability | cvebase