Vulnerability Name: CVE-2001-1375 (CCN-6869)
Assigned: 2001-07-19
Published: 2001-07-19
Updated: 2008-09-05
Summary: tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2001-1375
  Source: CONECTIVA Type: UNKNOWN CLA-2001:409
  Source: CCN Type: Conectiva Linux Announcement CLSA-2001:409 Insecure runtime library search path
  Source: CCN Type: RHSA-2002-148 Updated Tcl/Tk packages fix local vulnerability
  Source: XF Type: Patch, Vendor Advisory tcltk-insecure-library-search(6869)
  Source: MANDRAKE Type: UNKNOWN MDKSA-2002:060
  Source: CCN Type: OSVDB ID: 5427 tcl/tk Path Variable Arbitrary Program Execution
  Source: REDHAT Type: UNKNOWN RHSA-2002:148
  Source: BID Type: Patch, Vendor Advisory 3073
  Source: CCN Type: BID-3073 Multiple Linux Vendor TCLTK Unsafe Library Searching Vulnerability
  Source: CCN Type: Bugzilla Bug - 28226 tcl looks in the current directory for libs
  Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28226
  Source: XF Type: UNKNOWN tcltk-insecure-library-search(6869)
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable