Lucene search

MitreCVE-2001-0087

HistoryFeb 12, 2001 - 5:00 a.m.

CVE-2001-0087

2001-02-1205:00:00

mitre

web.nvd.nist.gov

itetris

xitetris

path environment

gunzip

local user

root privileges

cve-2001-0087.

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

High

EPSS

Percentile

0.4%

JSON

itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.

Affected configurations

Nvd

Node

michael_glickmanitetrisMatch1.6.1

michael_glickmanitetrisMatch1.6.2

VendorProductVersionCPE
michael_glickmanitetris1.6.1cpe:2.3:a:michael_glickman:itetris:1.6.1:*:*:*:*:*:*:*
michael_glickmanitetris1.6.2cpe:2.3:a:michael_glickman:itetris:1.6.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
michael_glickman	itetris	1.6.1	cpe:2.3:a:michael_glickman:itetris:1.6.1:::::::*
michael_glickman	itetris	1.6.2	cpe:2.3:a:michael_glickman:itetris:1.6.2:::::::*

References

archives.neohapsis.com/archives/bugtraq/2000-12/0295.html

www.securityfocus.com/bid/2139

exchange.xforce.ibmcloud.com/vulnerabilities/5795

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

High

EPSS

Percentile

0.4%

JSON

Related for CVE-2001-0087