Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2001-0920
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Auto Nice Daemon本地格式化字符串漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AND(Auto Nice Daemon)是一个守护程序,用来监视用户运行的进程。如果用户进程占用了过多的CPU时间,该守护程序就会改变这个用户进程。另外,该守护程序也会杀掉一些越级运行的用户程序。 该守护程序存在一个格式化字符串漏洞,可能导致本地攻击者提升权限。 该守护程序调用了syslog(3)函数,并且把进程名做为第二个参数。因此,只要精心构造一个包含格式化字符串的进程,就可能允许本地攻击者执行任意代码。由于该守护程序以root身份运行,因此攻击者将获得root权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2001-0920
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2001-0920
Please Login to view more intelligence information
New Vulnerabilities
Product: n/a
Vendor: n/a
V. Comments for CVE-2001-0920

No comments yet

Leave a comment