Lucene search

[email protected]CVE-2001-1375

HistoryJul 19, 2001 - 4:00 a.m.

CVE-2001-1375

2001-07-1904:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-1375

tcl/tk package

trojan horse

code execution

nvd.

7.3 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.

CPENameOperatorVersion
conectiva:linuxconectiva linuxeq6.0
conectiva:linuxconectiva linuxeq7.0
redhat:linuxredhat linuxeq7.0

CPE	Name	Operator	Version
conectiva:linux	conectiva linux	eq	6.0
conectiva:linux	conectiva linux	eq	7.0
redhat:linux	redhat linux	eq	7.0

References

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409

www.iss.net/security_center/static/6869.php

www.mandrakesoft.com/security/advisories?name=MDKSA-2002:060

www.redhat.com/support/errata/RHSA-2002-148.html

www.securityfocus.com/bid/3073

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28226

7.3 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2001-1375

nessus1