Описание
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
Ссылки
- ExploitVendor Advisory
- ExploitPatchVendor Advisory
- ExploitVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:michael_glickman:itetris:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:michael_glickman:itetris:1.6.2:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.0014
Низкий
7.2 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
EPSS
Процентиль: 35%
0.0014
Низкий
7.2 High
CVSS2
Дефекты
NVD-CWE-Other