Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0370

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2001-0370
Last Modified 05 Sep 2008 04:23:56
Published 27 Jun 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0370

Summary

fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters.

Vulnerable Systems

Application

  • Michael A. Gumienny Fcheck 2.57.59


References

XF - fcheck-open-execute-commands

BUGTRAQ - 20010320 fcheck prior to 2.07.59 - vulnerability - improper use of perl 'magic open'


Last Updated: 27 May 2016 10:36:14