Back to search
CVE-2001-1324
Published: May 3, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1001839
vdb-entry
x_refsource_SECTRACK
http://multivac.cwru.edu/idtools/admin_idtools.tar.bz2
x_refsource_CONFIRM
2934
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now