Unrated severityNVD Advisory· Published Feb 12, 2001· Updated Apr 16, 2026

CVE-2001-0087

Description

itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.

Affected products

Michael Glickman/Itetris2 versions
cpe:2.3:a:michael_glickman:itetris:1.6.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:michael_glickman:itetris:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:michael_glickman:itetris:1.6.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2000-12/0295.htmlnvdExploitVendor Advisory
www.securityfocus.com/bid/2139nvdExploitPatchVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/5795nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000