Medium severity5.5NVD Advisory· Published Dec 31, 2001· Updated Apr 16, 2026

CVE-2001-1494

Description

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

Affected products

Avaya/Cvlan
cpe:2.3:a:avaya:cvlan:*:*:*:*:*:*:*:*
Avaya/Integrated Management Suit
cpe:2.3:a:avaya:integrated_management_suit:*:*:*:*:*:*:*:*
Avaya/Interactive Response
cpe:2.3:a:avaya:interactive_response:*:*:*:*:*:*:*:*
Avaya/Intuity Lx
cpe:2.3:a:avaya:intuity_lx:*:*:*:*:*:*:*:*
Avaya/Message Networking
cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:*
Avaya/Messaging Storage Server
cpe:2.3:a:avaya:messaging_storage_server:*:*:*:*:*:*:*:*
Kernel/Util Linux
cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*
Range: <2.11n

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/bugtraq/2001/Dec/0122.htmlnvdMailing ListThird Party Advisory
seclists.org/bugtraq/2001/Dec/0123.htmlnvdMailing ListThird Party Advisory
support.avaya.com/elmodocs2/security/ASA-2006-014.htmnvdThird Party Advisory
www.redhat.com/support/errata/RHSA-2005-782.htmlnvdBroken LinkVendor Advisory
www.securityfocus.com/bid/16280nvdBroken LinkThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/7718nvdThird Party AdvisoryVDB Entry
secunia.com/advisories/16785nvdBroken Link
secunia.com/advisories/18502nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000