CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2001-1091

The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.0%

CVSS Severity

CVSS v2 Score 7.2

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-014.txt.asc
https://exchange.xforce.ibmcloud.com/vulnerabilities/7037
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-014.txt.asc
https://exchange.xforce.ibmcloud.com/vulnerabilities/7037

Products affected by CVE-2001-1091

Netbsd » Netbsd » Version: 1.4

cpe:2.3:o:netbsd:netbsd:1.4
Netbsd » Netbsd » Version: 1.4.1

cpe:2.3:o:netbsd:netbsd:1.4.1
Netbsd » Netbsd » Version: 1.4.2

cpe:2.3:o:netbsd:netbsd:1.4.2
Netbsd » Netbsd » Version: 1.4.3

cpe:2.3:o:netbsd:netbsd:1.4.3
Netbsd » Netbsd » Version: 1.5

cpe:2.3:o:netbsd:netbsd:1.5
Netbsd » Netbsd » Version: 1.5.1

cpe:2.3:o:netbsd:netbsd:1.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2001-1091

Products

Pricing

Contact Us