GTK+ Library Local User Privilege Escalation via Module Specification
CVE-2001-0084

Currently unrated

Key Information:

Vendor: Gnome
Status: Gtk
Vendor: CVE Published:; 12 February 2001

What is CVE-2001-0084?

The GTK+ library is vulnerable due to its handling of the GTK_MODULES environmental variable, allowing local users to define arbitrary modules. This could potentially lead to privilege escalation when GTK+ is utilized by programs with setuid or setgid permissions. Consequently, malicious local users may exploit this design flaw to execute untrusted code with elevated privileges, thereby compromising system integrity.

References

http://www.securityfocus.com/bid/2165

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/bugtraq/2000-12/04...

mailing-listx_refsource_BUGTRAQ

http://archives.neohapsis.com/archives/bugtraq/2001-01/00...

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2001
Vulnerability Reserved
Feb 1, 2001

Gnome

What is CVE-2001-0084?

References

Timeline