exploitDog

CVE-2001-1324

Опубликовано: 26 июн. 2001

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.

Ссылки

http://multivac.cwru.edu/idtools/admin_idtools.tar.bz2
http://securitytracker.com/id?1001839
http://www.securityfocus.com/bid/2934
Patch
Vendor Advisory
http://multivac.cwru.edu/idtools/admin_idtools.tar.bz2
http://securitytracker.com/id?1001839
http://www.securityfocus.com/bid/2934
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:paul_jarc:idtools:2001-05-31:*:*:*:*:*:*:*

cpe:2.3:a:paul_jarc:idtools:2001-06-08:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00066

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-hvr4-2p3v-j73r

github

больше 3 лет назад

cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.

EPSS

Процентиль: 21%

0.00066

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other