VYPR
Unrated severityNVD Advisory· Published Aug 23, 2001· Updated Jun 16, 2026

CVE-2001-1091

CVE-2001-1091

Description

The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.

Affected products

7
  • NetBSD/NetBSD7 versions
    cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
    • (no CPE)range: 1.4.x - 1.5.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.