Vulnerability Details : CVE-2003-0136
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
Products affected by CVE-2003-0136
- cpe:2.3:o:astart_technologies:lprng:3.7.4:*:*:*:*:*:*:*
- cpe:2.3:o:astart_technologies:lprng:3.8.9:*:*:*:*:*:*:*
- cpe:2.3:o:astart_technologies:lprng:3.8.10.1:*:*:*:*:*:*:*
- cpe:2.3:o:astart_technologies:lprng:3.8.19:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-0136
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2003-0136
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
References for CVE-2003-0136
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A423
404 Not Found
-
http://www.redhat.com/support/errata/RHSA-2003-142.html
SupportPatch;Vendor Advisory
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366
#188366 - psbanner: insecure file creation (/tmp/before) - Debian Bug report logs
-
http://www.debian.org/security/2003/dsa-285
Debian -- The Universal Operating SystemPatch;Vendor Advisory
Jump to