CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2001-1324

cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.8%

CVSS Severity

CVSS v2 Score 4.6

References

http://multivac.cwru.edu/idtools/admin_idtools.tar.bz2
http://securitytracker.com/id?1001839
http://www.securityfocus.com/bid/2934
http://multivac.cwru.edu/idtools/admin_idtools.tar.bz2
http://securitytracker.com/id?1001839
http://www.securityfocus.com/bid/2934

Products affected by CVE-2001-1324

Paul Jarc » Idtools » Version: 2001-05-31

cpe:2.3:a:paul_jarc:idtools:2001-05-31
Paul Jarc » Idtools » Version: 2001-06-08

cpe:2.3:a:paul_jarc:idtools:2001-06-08

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2001-1324

Products

Pricing

Contact Us