Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0787 — Redhat Linux vulnerability

6 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.3%

top 47.39%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Redhat Linux

Timeline

PublishedOct 18

Latest updateApr 30

Description

LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/linux7.0, 7.1+1

🔴Vulnerability Details

GHSA

GHSA-8cwj-qxjh-6vq7: LPRng in Red Hat Linux 7↗2022-04-30

▶

CVEList

CVE-2001-0787: LPRng in Red Hat Linux 7↗2002-03-09

▶

💥Exploits & PoCs

Exploit-DB

LPRng 3.6.x - Failure To Drop Supplementary Groups↗2001-06-07

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-06-12

▶

💬Community

Bugzilla

CVE-2001-0787 security flaw↗2018-08-16

▶