Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0170

7 documents6 sources

Severity

2.1LOW

EPSS

0.6%

top 29.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Conectiva Linux Debian Debian Linux Immunix Immunix +1 more

Timeline

PublishedMar 26

Latest updateApr 30

Description

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDredhat/linux7.0

▶NVDconectiva/linux9 versions+8

▶NVDimmunix/immunix7.0_beta

Also affects: Debian Linux 2.3

Patches

Patch: archives.neohapsis.com ↗Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6558-8g43-2f27: glibc 2↗2022-04-30

▶

CVEList

CVE-2001-0170: glibc 2↗2001-05-07

▶

💥Exploits & PoCs

Exploit-DB

glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - File Read↗2001-01-25

▶

Exploit-DB

Resolv+ 'RESOLV_HOST_CONF' - Linux Library Command Execution↗1996-01-01

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-01-10

▶

💬Community

Bugzilla

CVE-2001-0170 security flaw↗2018-08-16

▶