Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Paul Jarc cvmlogin特权提升漏洞
Vulnerability Description
CVE(CAN) ID: CAN-2001-1324 "cvmlogin"是CVM框架的UNIX"login"程序,是由Paul Jarc开发的,发现其存在一 个安全漏洞,导致攻击者获得root权限。 "cvmlogin"依赖"setstate"来设定用户ID和执行用户的shell,而"setstate"又 依赖由"cvmlogin"设置的"UID"环境变量。但是"cvmlogin"在设置"UID"环境变 量时处理内存分配错误失败。 如果攻击者先进行消耗系统资源的攻击,导致"cvmlogin"设置"UID
CVSS Information
N/A
Vulnerability Type
N/A