Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0087

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2001-0087
Last Modified 05 Sep 2008 04:23:14
Published 12 Feb 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0087

Summary

itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.

Vulnerable Systems

Application

  • Michael Glickman Itetris 1.6.1

  • Michael Glickman Itetris 1.6.2


References

BID - 2139

BUGTRAQ - 20001219 itetris[v1.6.2] local root exploit (system()+../ protection)

XF - itetris-svgalib-path


Last Updated: 27 May 2016 10:36:08