Lucene search

[email protected]CVE-2001-0787

HistoryOct 18, 2001 - 4:00 a.m.

CVE-2001-0787

2001-10-1804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

red hat

linux 7.0

linux 7.1

lprng

cve-2001-0787

nvd

privilege escalation

7.1 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges.

CPENameOperatorVersion
redhat:linuxredhat linuxeq7.0
redhat:linuxredhat linuxeq7.1

CPE	Name	Operator	Version
redhat:linux	redhat linux	eq	7.0
redhat:linux	redhat linux	eq	7.1

References

www.ciac.org/ciac/bulletins/l-096.shtml

www.redhat.com/support/errata/RHSA-2001-077.html

www.securityfocus.com/bid/2865

exchange.xforce.ibmcloud.com/vulnerabilities/6703

7.1 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON