Fluid Attacks Database

Description

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	util-linux	>=0 <2.11n-1	2.11n-1
debian 14	util-linux	>=0 <2.11n-1	2.11n-1
debian 13	util-linux	>=0 <2.11n-1	2.11n-1
debian 12	util-linux	>=0 <2.11n-1	2.11n-1

Aliases

1. CVE-2001-14942. NVD-2001-14943. OSV-DEBIAN-2001-14944. OSV-2001-14945. SECURITY-TRACKER-CVE-2001-1494

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.