oval:org.mitre.oval:def:4047

Definition Id: oval:org.mitre.oval:def:4047

Oval ID:	oval:org.mitre.oval:def:4047
Title:	Shell Redirect Symlink Attack Vulnerability
Description:	Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2000-1134	Version:	2
Platform(s):	Sun Solaris 7 Sun Solaris 8	Product(s):	Bourne Shell (sh) Bourne Again Shell (bash) TENEX C Shell (tcsh) C Shell (csh) Korn Shell (ksh)
Definition Synopsis:
Solaris 7 or 8 installed Solaris 7 Installed AND Solaris 8 Installed AND NOT Patches 108574-03, 108162-04, and 108416-02 or later installed Patch 108574-03 or later installed AND Patch 108162-04 or later installed AND Patch 108416-02 or later installed AND NOT Patches 110943-01, 110898-02, and 109324-03 or later installed Patch 110943-01 or later installed AND Patch 110898-02 or later installed AND Patch 109324-03 or later installed