PT-2001-2449 · Idtools · Idtools

Published

2001-06-26

Updated

2008-09-10

CVE-2001-1324

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: idtools versions prior to 2001.06.27

Description: The issue is related to the cvmlogin and statfile components in idtools, which do not properly check the return value of a call to the pathexec env function. This could cause the setstate utility to setuid to the UID environment variable, potentially allowing local users to gain privileges.

Recommendations: For versions prior to 2001.06.27, update to a version that includes the fix for this issue to prevent local users from gaining privileges.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1324

Affected Products

Idtools

PT-2001-2449 · Idtools · Idtools

CVE-2001-1324

Related Identifiers

Affected Products

References · 4