PT-2000-1351 · Netscape · Netscape

Publicado

2000-05-10

Atualizado

2008-09-10

CVE-2000-0409

CVSS v2.0

3.7

Baixa

Vetor

AV:L/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Netscape versions 4.73 and earlier

Description The issue allows local users to overwrite files of the user importing the certificate because Netscape follows symlinks when it imports a new certificate.

Recommendations For Netscape versions 4.73 and earlier, avoid importing certificates from untrusted sources until a fix is available. As a temporary workaround, consider setting appropriate permissions on sensitive files to prevent unauthorized overwriting.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2000-0409

Produtos afetados

Netscape

PT-2000-1351 · Netscape · Netscape

CVE-2000-0409

Identificadores relacionados

Produtos afetados

Referências · 4