Remote Code Execution Vulnerability in IBM Ikeyman Tool
CVE-2000-1202
Currently unrated
Summary
The Ikeyman tool in IBM IBMHSSSB 1.0 contains a vulnerability that can be exploited by malicious local users. It improperly sets the CLASSPATH environment variable, allowing user-defined directories to take precedence over system directories. This design flaw creates an opportunity for attackers to execute arbitrary code with root privileges by leveraging a Trojan horse version of the Ikeyman class. Organizations using this product should take immediate action to review their configurations and apply necessary mitigations to protect against potential intrusions.
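A check that a privileged launcher could run before starting the JVM, given here as an added example that is not IBM's code and not part of the original advisory: it lists every CLASSPATH entry that would be searched ahead of a trusted directory. The function names and all paths are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not IBM's code. All paths below are constructed placeholders.

# is_trusted ENTRY TRUSTED_LIST: succeed only if ENTRY is an absolute path,
# has no ".." component, and equals or sits under one colon-separated prefix.
# Relative or empty entries are never trusted: they name no fixed system directory.
is_trusted() {
    case $1 in /*) ;; *) return 1 ;; esac
    case "/$1/" in */../*) return 1 ;; esac
    t="$2:"
    while [ -n "$t" ]; do
        p=${t%%:*}; t=${t#*:}
        [ -n "$p" ] || continue
        case $1 in "$p"|"$p"/*) return 0 ;; esac
    done
    return 1
}

# audit_classpath CLASSPATH TRUSTED_LIST: print every entry that is searched
# before some trusted directory without being trusted itself.
# Returns 1 if any such entry exists, 0 otherwise.
audit_classpath() {
    rest="$1:"; pending=""; found=""      # sentinel ':' so a trailing empty entry is seen
    while [ -n "$rest" ]; do
        entry=${rest%%:*}; rest=${rest#*:}
        if is_trusted "$entry" "$2"; then
            found="$found$pending"; pending=""   # everything queued so far shadows this dir
        else
            pending="$pending${entry:-<empty>}
"
        fi
    done
    if [ -n "$found" ]; then printf '%s' "$found"; return 1; fi
    return 0
}

# Constructed input: a user directory and an empty entry ahead of the system ones.
SAMPLE_CP="/home/mallory/classes::/opt/example/ikeyman/classes:/usr/java/lib:/tmp/late"
TRUSTED="/opt/example/ikeyman/classes:/usr/java/lib"
audit_classpath "$SAMPLE_CP" "$TRUSTED" || echo "^ entries that can shadow trusted classes"
```

Entries that come after the last trusted directory (here `/tmp/late`) are not reported, because they cannot take precedence over classes found in the trusted directories.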