CVE Vulnerabilities

CVE-2001-1091

Published: Aug 23, 2001 | Modified: Dec 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.

Affected Software

Name Vendor Start Version End Version
Netbsd Netbsd 1.4 1.4
Netbsd Netbsd 1.4.1 1.4.1
Netbsd Netbsd 1.4.2 1.4.2
Netbsd Netbsd 1.4.3 1.4.3
Netbsd Netbsd 1.5 1.5
Netbsd Netbsd 1.5.1 1.5.1

References