CVE-2003-0578 - OpenCVE

cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	U2 Universe

Configuration 1 [-]

cpe:2.3:a:ibm:u2_universe:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html
http://marc.info/?l=bugtraq&m=105839150004682&w=2

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-07-17T04:00:00

Updated: 2024-08-08T01:58:11.274Z

Reserved: 2003-07-16T00:00:00

Link: CVE-2003-0578

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2003-08-18T04:00:00.000

Modified: 2024-01-26T17:19:55.753

Link: CVE-2003-0578

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105839150004682&w=2"}, {"name": "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", "tags": ["mailing-list", "x_refsource_VULNWATCH"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0578", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105839150004682&w=2"}, {"name": "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:58:11.274Z"}, "title": "CVE Program Container", "references": [{"name": "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105839150004682&w=2"}, {"name": "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", "tags": ["mailing-list", "x_refsource_VULNWATCH", "x_transferred"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0578", "datePublished": "2003-07-17T04:00:00", "dateReserved": "2003-07-16T00:00:00", "dateUpdated": "2024-08-08T01:58:11.274Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:u2_universe:*:*:*:*:*:*:*:*", "matchCriteriaId": "D91689F2-670E-465E-A451-DCA071FBF3DA", "versionEndIncluding": "10.0.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files."}, {"lang": "es", "value": "cci_dir en IBM UniVerse 10.0.0.9 y anteriores crea enlaces duros y desenlaza (unlink) ficheros como root, lo que permite a usuarios locales ganar privilegios borrando y sobreescribiendo ficheros arbitrarios."}], "id": "CVE-2003-0578", "lastModified": "2024-01-26T17:19:55.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2003-08-18T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Exploit", "Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=105839150004682&w=2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}