CVE-2001-1374

expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.

Published: Jul 19, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-1374
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
don_libes / expect	5.14	5.14.x
don_libes / expect	5.29	5.29.x
don_libes / expect	-	-
don_libes / expect	5.10	5.10.x
don_libes / expect	5.5	5.5.x
don_libes / expect	5.12	5.12.x
don_libes / expect	5.7	5.7.x
don_libes / expect	5.9	5.9.x
don_libes / expect	5.2	5.2.x
don_libes / expect	5.23	5.23.x
don_libes / expect	5.22	5.22.x
conectiva / linux	6.0	6.0.x
don_libes / expect	5.21	5.21.x
don_libes / expect	5.25	5.25.x
don_libes / expect	5.24	5.24.x
don_libes / expect	5.3	5.3.x
don_libes / expect	5.11	5.11.x
don_libes / expect	5.15	5.15.x
don_libes / expect	5.18	5.18.x
don_libes / expect	5.8	5.8.x
don_libes / expect	5.17	5.17.x
don_libes / expect	1	1.x
don_libes / expect	5.4	5.4.x
don_libes / expect	3	3.x
don_libes / expect	5.19	5.19.x
don_libes / expect	4	4.x
don_libes / expect	5.26	5.26.x
don_libes / expect	5.1	5.1.x
don_libes / expect	2	2.x
don_libes / expect	5.30	5.30.x
don_libes / expect	5.20	5.20.x
don_libes / expect	5.28	5.28.x
don_libes / expect	5.27	5.27.x
don_libes / expect	5.13	5.13.x
conectiva / linux	7.0	7.0.x
don_libes / expect	5.16	5.16.x
don_libes / expect	5.31	5.31.x
don_libes / expect	5.0	5.0.x
don_libes / expect	5.6	5.6.x
redhat / linux	7.0	7.0.x

Vulnerability Database

289,599

CVE-2001-1374