Description
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.
Products
- FreeBSD 4.3
- FreeBSD 4.3
- FreeBSD 4.3 Patch 24
- FreeBSD 4.3 Patch 37
- FreeBSD 4.3 Patch 38
- FreeBSD 4.3 Patch 40
- FreeBSD 4.3 Patch 41
- FreeBSD 4.3 Patch 42
- FreeBSD 4.3 Release Candidate
- NetBSD 1.5.1
- NetBSD 1.5
- OpenBSD OpenBSD
- OpenBSD
- OpenBSD 2.0
- OpenBSD 2.1
- OpenBSD 2.2
- OpenBSD 2.3
- OpenBSD 2.4
- OpenBSD 2.5
- OpenBSD 2.6
- OpenBSD 2.7
- OpenBSD 2.8
- OpenBSD 2.9
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-1145, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-1145 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References