CVE-2001-0170

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

Published: Mar 26, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-0170
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
conectiva / linux	graficas	graficas.x
conectiva / linux	4.2	4.2.x
conectiva / linux	4.1	4.1.x
conectiva / linux	6.0	6.0.x
conectiva / linux	5.1	5.1.x
immunix / immunix	7.0_beta	7.0_beta.x
conectiva / linux	ecommerce	ecommerce.x
conectiva / linux	4.0es	4.0es.x
conectiva / linux	5.0	5.0.x
conectiva / linux	4.0	4.0.x
debian / debian_linux	2.3	2.3.x
redhat / linux	7.0	7.0.x

http://archives.neohapsis.com/archives/bugtraq/2001-01/0131.html
http://archives.neohapsis.com/archives/bugtraq/2001-01/0186.html
http://www.redhat.com/support/errata/RHSA-2001-001.html
http://www.securityfocus.com/bid/2181
https://exchange.xforce.ibmcloud.com/vulnerabilities/5907

Vulnerability Database

289,599

CVE-2001-0170