CVE-2001-1374

CWE-3056 documents6 sources

Severity

7.2HIGH

EPSS

0.1%

top 83.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Conectiva Linux DON Libes Expect Redhat Linux

Timeline

PublishedJul 19

Latest updateApr 30

Description

expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDdon_libes/expect37 versions+36

▶NVDredhat/linux7.0

▶NVDconectiva/linux6.0, 7.0+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-xp42-65qj-mvgv: expect before 5↗2022-04-30

▶

CVEList

CVE-2001-1374: expect before 5↗2003-04-02

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-02-18

▶

📐Framework References

CWE

Authentication Bypass by Primary Weakness↗

▶

💬Community

Bugzilla

CVE-2001-1374 security flaw↗2018-08-16

▶