Lucene search

[email protected]NVD:CVE-2001-0087

HistoryFeb 12, 2001 - 5:00 a.m.

CVE-2001-0087

2001-02-1205:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

High

EPSS

Percentile

0.4%

JSON

itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.

Affected configurations

Nvd

Node

michael_glickmanitetrisMatch1.6.1

michael_glickmanitetrisMatch1.6.2

VendorProductVersionCPE
michael_glickmanitetris1.6.1cpe:2.3:a:michael_glickman:itetris:1.6.1:*:*:*:*:*:*:*
michael_glickmanitetris1.6.2cpe:2.3:a:michael_glickman:itetris:1.6.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
michael_glickman	itetris	1.6.1	cpe:2.3:a:michael_glickman:itetris:1.6.1:::::::*
michael_glickman	itetris	1.6.2	cpe:2.3:a:michael_glickman:itetris:1.6.2:::::::*

References

archives.neohapsis.com/archives/bugtraq/2000-12/0295.html

www.securityfocus.com/bid/2139

exchange.xforce.ibmcloud.com/vulnerabilities/5795

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

High

EPSS

Percentile

0.4%

JSON

Related for NVD:CVE-2001-0087

exploitdb1 cvelist1 cve1