Vulnerability Description
misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gernot Stocker | Kpopup | 0.9.1 |
References
- http://secunia.com/advisories/10105 (Patch)
- http://www.osvdb.org/2742 (Patch)
- http://www.securityfocus.com/archive/1/342736 (Exploit)
- http://www.securityfocus.com/bid/8915 (Exploit, Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13540
FAQ
What is CVE-2003-1167?
CVE-2003-1167 is a vulnerability with a CVSS score of 7.2 (HIGH). misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.
How severe is CVE-2003-1167?
CVE-2003-1167 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-1167?
Check the references section above for vendor advisories and patch information. Affected products include: Gernot Stocker Kpopup.