CVE-2001-0424

BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.

Published: Jul 2, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-0424
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
timecop / bubblemon	1.0pl7	1.0pl7.x
timecop / bubblemon	1.23	1.23.x
timecop / bubblemon	1.0pl3	1.0pl3.x
timecop / bubblemon	1.22	1.22.x
timecop / bubblemon	1.0pl6	1.0pl6.x
timecop / bubblemon	1.31	1.31.x
timecop / bubblemon	1.1test3	1.1test3.x
timecop / bubblemon	1.0pl4	1.0pl4.x
timecop / bubblemon	1.21test1	1.21test1.x
timecop / bubblemon	1.0pl2	1.0pl2.x
timecop / bubblemon	1.3	1.3.x
timecop / bubblemon	1.0	1.0.x
timecop / bubblemon	1.1test5	1.1test5.x
timecop / bubblemon	1.21	1.21.x
timecop / bubblemon	1.2	1.2.x
timecop / bubblemon	1.1test2	1.1test2.x
timecop / bubblemon	1.1test7	1.1test7.x
timecop / bubblemon	1.0pl1	1.0pl1.x
timecop / bubblemon	1.0pl9	1.0pl9.x
timecop / bubblemon	1.2test1	1.2test1.x
timecop / bubblemon	1.1test6	1.1test6.x
timecop / bubblemon	1.0pl8	1.0pl8.x
timecop / bubblemon	1.1test1	1.1test1.x
timecop / bubblemon	1.1	1.1.x
timecop / bubblemon	1.1test4	1.1test4.x
freebsd / freebsd	6.2-stable	6.2-stable.x

Vulnerability Database

290,020

CVE-2001-0424