Unrated severityNVD Advisory· Published Aug 23, 2001· Updated Jun 16, 2026
CVE-2001-1091
CVE-2001-1091
Description
The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.
Affected products
7cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
- (no CPE)range: 1.4.x - 1.5.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.