Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1374

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2001-1374
Last Modified 05 Sep 2008 04:26:23
Published 19 Jul 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1374

Summary

expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.

Vulnerable Systems

Operating System

  • Conectiva Linux 6.0

  • Conectiva Linux 7.0

  • Redhat Linux 7.0

Application

  • Don Libes Expect 0

  • Don Libes Expect 1

  • Don Libes Expect 2

  • Don Libes Expect 3

  • Don Libes Expect 4

  • Don Libes Expect 5.0

  • Don Libes Expect 5.1

  • Don Libes Expect 5.10

  • Don Libes Expect 5.11

  • Don Libes Expect 5.12

  • Don Libes Expect 5.13

  • Don Libes Expect 5.14

  • Don Libes Expect 5.15

  • Don Libes Expect 5.16

  • Don Libes Expect 5.17

  • Don Libes Expect 5.18

  • Don Libes Expect 5.19

  • Don Libes Expect 5.2

  • Don Libes Expect 5.20

  • Don Libes Expect 5.21

  • Don Libes Expect 5.22

  • Don Libes Expect 5.23

  • Don Libes Expect 5.24

  • Don Libes Expect 5.25

  • Don Libes Expect 5.26

  • Don Libes Expect 5.27

  • Don Libes Expect 5.28

  • Don Libes Expect 5.29

  • Don Libes Expect 5.3

  • Don Libes Expect 5.30

  • Don Libes Expect 5.31

  • Don Libes Expect 5.4

  • Don Libes Expect 5.5

  • Don Libes Expect 5.6

  • Don Libes Expect 5.7

  • Don Libes Expect 5.8

  • Don Libes Expect 5.9


References

XF - expect-insecure-library-search(6870)

BID - 3074

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187

REDHAT - RHSA-2002:148

MANDRAKE - MDKSA-2002:060

CONECTIVA - CLA-2001:409


Last Updated: 27 May 2016 10:36:38