VYPR
Unrated severityNVD Advisory· Published Jun 26, 2001· Updated Jun 16, 2026

CVE-2001-1324

CVE-2001-1324

Description

cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.

Affected products

3
  • Paul Jarc/Idtools3 versions
    cpe:2.3:a:paul_jarc:idtools:2001-05-31:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:paul_jarc:idtools:2001-05-31:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_jarc:idtools:2001-06-08:*:*:*:*:*:*:*
    • (no CPE)range: <2001.06.27

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.