Vulnerabilities > CVE-2002-1472 - Local Privilege Escalation vulnerability in Xfree86 Project X11R6 4.1.0/4.2.0

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
xfree86-project

Summary

Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.

Vulnerable Configurations

Part Description Count
Application
Xfree86_Project
2

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/82228/cleanup_exec.rb.txt
idPACKETSTORM:82228
last seen2016-12-05
published2009-10-27
reporterH D Moore
sourcehttps://packetstormsecurity.com/files/82228/HP-UX-LPD-Command-Execution.html
titleHP-UX LPD Command Execution

Redhat

advisories
  • rhsa
    idRHSA-2003:066
  • rhsa
    idRHSA-2003:067