Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1345

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2001-1345
Last Modified 05 Sep 2008 04:26:18
Published 05 Jun 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1345

Summary

bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program.

Vulnerable Systems

Application

  • Jetico Bestcrypt 0.7


References

XF - bestcrypt-bctool-gain-privileges(6648)

BID - 2820

CONFIRM - http://www.jetico.com/index.htm#/linux.htm

BUGTRAQ - 20010604 Fatal flaw in BestCrypt <= v0.7 (Linux)


Last Updated: 27 May 2016 10:36:38