CVE-2003-1167

Published: 31/12/2003 Updated: 11/07/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.
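One hardened way for a privileged program to run a helper such as killall, shown as an added example and not KPopup's own code: call the helper by absolute path with execve(), pass it a fixed environment, and drop privileges first. The name `run_helper` and the fixed PATH value are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to every helper; nothing is inherited from the caller. */
static char *const SAFE_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/*
 * Run a helper by absolute path, without a shell and without the caller's
 * environment. Returns the helper's exit status (127 if it could not be
 * executed), or -1 if the request is refused or fork/wait fails.
 */
int run_helper(const char *path, char *const argv[])
{
    if (path == NULL || path[0] != '/')
        return -1;                      /* a bare name would need a PATH search: refuse */

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* In a setuid-root binary, drop to the invoking user unless the helper
         * truly needs root. Group first, then user; stop if either call fails. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(127);
        execve(path, argv, SAFE_ENV);   /* execve() never consults PATH */
        _exit(127);                     /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed demonstration: a caller-supplied PATH does not reach the helper. */
    setenv("PATH", "/tmp/attacker-controlled", 1);
    char *const argv[] = { "sh", "-c", "test \"$PATH\" = /usr/bin:/bin", NULL };
    printf("relative name refused: %d\n", run_helper("killall", argv));
    printf("helper saw fixed PATH: %d\n", run_helper("/bin/sh", argv) == 0);
    return 0;
}
```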

Affected Products

Vendor: Gernot Stocker | Product: Kpopup | Versions: 0.9.1, 0.9.5 Pre2

Exploits

source: www.securityfocus.com/bid/8915/info

It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is installed setuid root by default. According to the report, kpopup uses the system(3) C-library function insecurely to run other utilities on the system. In at least one instance, system( ...