CVE DATABASE / CVE-2001-1494
CVE-2001-1494
CVSS 5.5 · MEDIUM
Summary
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
CVSS 3.1 breakdown
| Base score | 5.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity | HIGH |
| Availability | NONE |
Weakness type (CWE)
Affected products
Kernel util-linuxAvaya cvlanAvaya integrated management suitAvaya interactive responseAvaya intuity lxAvaya message networkingAvaya messaging storage server
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://seclists.org/bugtraq/2001/Dec/0122.html
- http://seclists.org/bugtraq/2001/Dec/0123.html
- http://secunia.com/advisories/16785
- http://secunia.com/advisories/18502
- http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
- http://www.redhat.com/support/errata/RHSA-2005-782.html
- http://www.securityfocus.com/bid/16280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7718
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.