CVE-2001-0087

itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.

Published: Feb 12, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-0087
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
michael_glickman / itetris	1.6.2	1.6.2.x
michael_glickman / itetris	1.6.1	1.6.1.x

http://archives.neohapsis.com/archives/bugtraq/2000-12/0295.html
http://www.securityfocus.com/bid/2139
https://exchange.xforce.ibmcloud.com/vulnerabilities/5795

Vulnerability Database

290,206

CVE-2001-0087