PT-2000-1351 · Netscape · Netscape

Published

2000-05-10

Updated

2008-09-10

CVE-2000-0409

CVSS v2.0

3.7

Low

Vector

AV:L/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Netscape versions 4.73 and earlier

Description The issue allows local users to overwrite files of the user importing the certificate because Netscape follows symlinks when it imports a new certificate.

Recommendations For Netscape versions 4.73 and earlier, avoid importing certificates from untrusted sources until a fix is available. As a temporary workaround, consider setting appropriate permissions on sensitive files to prevent unauthorized overwriting.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-0409

Affected Products

Netscape

PT-2000-1351 · Netscape · Netscape

CVE-2000-0409

Related Identifiers

Affected Products

References · 4