Vulnerabilities > CVE-2001-0912 - Local Security vulnerability in Mandrakesoft Mandrake Linux 8.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Nessus
| NASL family | Mandriva Local Security Checks |
| NASL id | MANDRAKE_MDKSA-2001-087.NASL |
| description | A packaging problem that can lead to a root compromise existed in the expect package as provided in Mandrake Linux 8.1. expect would look for libraries in the directory /home/snailtalk/tmp/tcltk-root/usr/lib before any other and if such a user existed on the system, with rogue libraries, if root were to execute expect, a compromise could occur. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 13900 |
| published | 2004-07-31 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/13900 |
| title | Mandrake Linux Security Advisory : expect (MDKSA-2001:087) |