CVE-2001-1145

Published: Aug 17, 2001Modified: Apr 16, 2026

6.2

Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability: 1.9 / Impact: 10.0

Source: NVD

Description

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.

Affected (4)

Products: Freebsd: Freebsd · Netbsd: Netbsd · Openbsd: Openbsd

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Freebsd Freebsd	Version 4.3
Netbsd Netbsd	Version 1.5.1
Netbsd Netbsd	Version 1.5
Openbsd Openbsd	Up to 2.9

References (12)

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc (unsafe URL)

Source: cve@mitre.org

http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.iss.net/security_center/static/8715.php

Source: cve@mitre.org

http://www.openbsd.org/errata28.html

Source: cve@mitre.org

Patch

http://www.osvdb.org/5466

Source: cve@mitre.org

http://www.securityfocus.com/bid/3205

Source: cve@mitre.org

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.iss.net/security_center/static/8715.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openbsd.org/errata28.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.osvdb.org/5466

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/3205

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.