Vulnerability Details CVE-2001-0087
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.7%
CVSS Severity
CVSS v2 Score 7.2
References
- http://archives.neohapsis.com/archives/bugtraq/2000-12/0295.html
- http://www.securityfocus.com/bid/2139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5795
- http://archives.neohapsis.com/archives/bugtraq/2000-12/0295.html
- http://www.securityfocus.com/bid/2139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5795
Products affected by CVE-2001-0087
-
cpe:2.3:a:michael_glickman:itetris:1.6.1
-
cpe:2.3:a:michael_glickman:itetris:1.6.2