Vulnerabilities > CVE-2001-0170

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
immunix
conectiva
debian
redhat
exploit available
NVD
Published: 2001-03-26
Updated: 2017-10-10

Summary

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

Vulnerable Configurations

Part Description Count
Application
Immunix
1
OS
Conectiva
9
OS
Debian
1
OS
Redhat
2

Exploit-Db

  • descriptionglibc-2.2 and openssh-2.3.0p1 exploits glibc >= 2.1.9x. CVE-2001-0170. Local exploit for linux platform
    idEDB-ID:258
    last seen2016-01-31
    modified2001-01-25
    published2001-01-25
    reporterkrochos
    sourcehttps://www.exploit-db.com/download/258/
    titleglibc-2.2 and openssh-2.3.0p1 Exploits glibc <= 2.1.9x
  • descriptionResolv+ (RESOLV_HOST_CONF) Linux Library Local Exploit. CVE-2001-0170. Local exploit for linux platform
    idEDB-ID:317
    last seen2016-01-31
    modified1996-01-01
    published1996-01-01
    reporterJared Mauch
    sourcehttps://www.exploit-db.com/download/317/
    titleResolv+ RESOLV_HOST_CONF - Linux Library Local Exploit

Redhat

advisories
rhsa
idRHSA-2001:001

References