Vulnerability Name:

CVE-2001-1374 (CCN-6870)

Assigned:2001-07-19
Published:2001-07-19
Updated:2017-10-10
Summary:expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2001-1374

Source: CONECTIVA
Type: UNKNOWN
CLA-2001:409

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:409
Insecure runtime library search path

Source: CCN
Type: RHSA-2002-148
Updated Tcl/Tk packages fix local vulnerability

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:060

Source: CCN
Type: OSVDB ID: 5428
expect mkpasswd Path Variable Arbitrary Program Execution

Source: REDHAT
Type: UNKNOWN
RHSA-2002:148

Source: BID
Type: Patch, Vendor Advisory
3074

Source: CCN
Type: BID-3074
Multiple Linux Vendor Expect Insecure Library Loading Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187

Source: CCN
Type: Bugzilla Bug - 28224
expect searches /var/tmp before /usr/lib

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224

Source: XF
Type: UNKNOWN
expect-insecure-library-search(6870)

Source: XF
Type: UNKNOWN
expect-insecure-library-search(6870)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:don_libes:expect:0:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:1:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:2:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:3:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:4:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.3:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.4:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.6:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.7:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.8:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.9:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.10:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.13:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.14:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.15:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.16:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.17:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.18:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.19:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.20:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.21:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.22:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.23:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.24:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.25:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.26:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.27:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.28:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.29:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.30:*:*:*:*:*:*:*
  • OR cpe:/a:don_libes:expect:5.31:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:redhat:linux:7.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:don_libes:expect:0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:pseries:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:iseries:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    don_libes expect 0
    don_libes expect 1
    don_libes expect 2
    don_libes expect 3
    don_libes expect 4
    don_libes expect 5.0
    don_libes expect 5.1
    don_libes expect 5.2
    don_libes expect 5.3
    don_libes expect 5.4
    don_libes expect 5.5
    don_libes expect 5.6
    don_libes expect 5.7
    don_libes expect 5.8
    don_libes expect 5.9
    don_libes expect 5.10
    don_libes expect 5.11
    don_libes expect 5.12
    don_libes expect 5.13
    don_libes expect 5.14
    don_libes expect 5.15
    don_libes expect 5.16
    don_libes expect 5.17
    don_libes expect 5.18
    don_libes expect 5.19
    don_libes expect 5.20
    don_libes expect 5.21
    don_libes expect 5.22
    don_libes expect 5.23
    don_libes expect 5.24
    don_libes expect 5.25
    don_libes expect 5.26
    don_libes expect 5.27
    don_libes expect 5.28
    don_libes expect 5.29
    don_libes expect 5.30
    don_libes expect 5.31
    conectiva linux 6.0
    conectiva linux 7.0
    redhat linux 7.0
    don_libes expect 0
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    conectiva linux 6.0
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    conectiva linux 7.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2
    redhat linux 7.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2