01642 06 11 11 Arrange Call

Privilege Escalation via PATH Manipulation in itetris/xitetris

CVE-2001-0087 · HIGH

CVE-2001-0087

itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.

Learn more about our User Device Pen Test.