CVE-2002-0169 - OpenCVE

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Docbook Utils Docbook Stylesheets

Configuration 1 [-]

OR	cpe:2.3:a:redhat:docbook_stylesheets:1.54.13:::::::*
	cpe:2.3:a:redhat:docbook_utils:0.6.9-2:::::::*
	cpe:2.3:a:redhat:docbook_utils:0.6.13:::::::*

References

Link	Resource
http://online.securityfocus.com/advisories/4095
http://www.iss.net/security_center/static/8983.php
http://www.osvdb.org/5349
http://www.redhat.com/support/errata/RHSA-2002-062.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/4654

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2003-04-02T05:00:00

Updated: 2002-08-17T00:00:00

Reserved: 2002-04-11T00:00:00

Link: CVE-2002-0169

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-05-29T04:00:00.000

Modified: 2008-09-11T00:00:37.993

Link: CVE-2002-0169

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-08-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4654", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4654"}, {"name": "linux-docbook-stylesheet-insecure(8983)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8983.php"}, {"name": "RHSA-2002:062", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-062.html"}, {"name": "5349", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/5349"}, {"name": "HPSBTL0205-038", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://online.securityfocus.com/advisories/4095"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0169", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4654", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4654"}, {"name": "linux-docbook-stylesheet-insecure(8983)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8983.php"}, {"name": "RHSA-2002:062", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-062.html"}, {"name": "5349", "refsource": "OSVDB", "url": "http://www.osvdb.org/5349"}, {"name": "HPSBTL0205-038", "refsource": "HP", "url": "http://online.securityfocus.com/advisories/4095"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0169", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-04-11T00:00:00", "dateUpdated": "2002-08-17T00:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:docbook_stylesheets:1.54.13:*:*:*:*:*:*:*", "matchCriteriaId": "7FB39657-9421-419D-9F23-7719CD834D78", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:docbook_utils:0.6.9-2:*:*:*:*:*:*:*", "matchCriteriaId": "4966560B-32E1-416E-8A56-53D4A9991155", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:docbook_utils:0.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "DAAC8103-B804-4520-8AF8-67A333E50497", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier."}, {"lang": "es", "value": "La hoja de estilo por defecto de DocBook en RedHat Linux 6.2 a 7.2 se instala con una opci\u00f3n insegura activada, lo que podr\u00eda permitir a usuarios sobreescribir ficheros fuera del directorio actual desde un documento no de confianza, usando una ruta larga como elemento identificador."}], "id": "CVE-2002-0169", "lastModified": "2008-09-11T00:00:37.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-05-29T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://online.securityfocus.com/advisories/4095"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/8983.php"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/5349"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2002-062.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4654"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}