Vulnerability Details : CVE-2001-0087
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
Exploit prediction scoring system (EPSS) score for CVE-2001-0087
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ
CVSS scores for CVE-2001-0087
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2001-0087
-
http://www.securityfocus.com/bid/2139
Exploit;Patch;Vendor Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2000-12/0295.html
Exploit;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/5795
Products affected by CVE-2001-0087
- cpe:2.3:a:michael_glickman:itetris:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:michael_glickman:itetris:1.6.2:*:*:*:*:*:*:*