Vulnerabilities > CVE-2002-1472 - Local Privilege Escalation vulnerability in Xfree86 Project X11R6 4.1.0/4.2.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/82228/cleanup_exec.rb.txt |
| id | PACKETSTORM:82228 |
| last seen | 2016-12-05 |
| published | 2009-10-27 |
| reporter | H D Moore |
| source | https://packetstormsecurity.com/files/82228/HP-UX-LPD-Command-Execution.html |
| title | HP-UX LPD Command Execution |
Redhat
| advisories |
|
References
- http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529
- http://www.iss.net/security_center/static/10137.php
- http://www.osvdb.org/11922
- http://www.redhat.com/support/errata/RHSA-2003-066.html
- http://www.redhat.com/support/errata/RHSA-2003-067.html
- http://www.securityfocus.com/bid/5735