PT-2001-1015 · Util Linux+1 · Util-Linux+1

Published: 2001-12-31 · Updated: 2024-01-26 · CVE-2001-1494

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

util-linux versions prior to 2.11n
Red Hat Enterprise Linux (affected versions not specified)

Description

The issue allows local users to overwrite arbitrary files by creating a hard link from the typescript log file to any file on the system and then having root execute the script command. This can compromise the confidentiality, integrity, and availability of protected information. Exploitation requires local access.

Recommendations

For util-linux versions prior to 2.11n, update to version 2.11n or later to resolve the issue. As a temporary workaround, consider restricting access to the script command until a patch is available. Avoid using the script command in the util-linux package until the issue is resolved. At the moment, there is no information about additional mitigation measures for Red Hat Enterprise Linux.
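
The description above comes down to a privileged process truncating a log path that is a second name for another file. As an added example (not code from util-linux or from this advisory), the C sketch below shows one way a program can refuse such a path before writing to it; `open_log_checked` and `demo_hardlinked_typescript` are hypothetical names, and the files are constructed in a temporary directory.

```c
#define _GNU_SOURCE            /* O_NOFOLLOW, mkdtemp */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a log file for writing, refusing symlinks,
 * non-regular files and files with more than one name. Returns fd or -1. */
int open_log_checked(const char *path)
{
    struct stat st;
    /* No O_TRUNC here: nothing is destroyed until the checks have passed. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* fstat() inspects the inode actually opened, so there is no gap
     * between the check and the open as there would be with lstat(). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    if (ftruncate(fd, 0) != 0) { close(fd); return -1; }
    return fd;
}

/* Constructed scenario: "victim" stands in for a protected file and
 * "typescript" is a second hard link to it. Returns 1 when the linked name
 * is refused, the victim keeps its 10 bytes, and a fresh name is accepted. */
int demo_hardlinked_typescript(void)
{
    char dir[] = "/tmp/script-demo-XXXXXX", victim[64], ts[64], fresh[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(ts, sizeof ts, "%s/typescript", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh.log", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("protected\n", f) < 0 || fclose(f) != 0) return -1;
    if (link(victim, ts) != 0) return -1;
    int refused = open_log_checked(ts) < 0;
    int intact = stat(victim, &st) == 0 && st.st_size == 10;
    int fd = open_log_checked(fresh);
    if (fd >= 0) close(fd);
    unlink(ts); unlink(victim); unlink(fresh); rmdir(dir);
    return refused && intact && fd >= 0;
}

int main(void) { return demo_hardlinked_typescript() == 1 ? 0 : 1; }
```

On Linux, the `fs.protected_hardlinks` sysctl is a separate system-wide control that stops users from creating hard links to files they do not own and cannot read and write.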

Fix

Link Following

Weakness Enumeration

Related Identifiers

BDU:2015-06016
BDU:2015-06017
BDU:2015-06018
BDU:2015-06019
BDU:2015-06075
CVE-2001-1494
RHSA-2005:782
RHSA-2005_782

Affected Products

Red Hat
Util-Linux