Vulnerability Details CVE-2001-0084
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.6%
CVSS Severity
CVSS v2 Score 7.2
References
- http://archives.neohapsis.com/archives/bugtraq/2000-12/0498.html
- http://archives.neohapsis.com/archives/bugtraq/2001-01/0027.html
- http://www.gtk.org/setuid.html
- http://www.securityfocus.com/bid/2165
- http://archives.neohapsis.com/archives/bugtraq/2000-12/0498.html
- http://archives.neohapsis.com/archives/bugtraq/2001-01/0027.html
- http://www.gtk.org/setuid.html
- http://www.securityfocus.com/bid/2165