CVE-2001-1324

EPSS 0.07% · P20 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2001-1324

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Paul Jarc cvmlogin特权提升漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

CVE(CAN) ID: CAN-2001-1324 "cvmlogin"是CVM框架的UNIX"login"程序，是由Paul Jarc开发的，发现其存在一个安全漏洞，导致攻击者获得root权限。 "cvmlogin"依赖"setstate"来设定用户ID和执行用户的shell，而"setstate"又依赖由"cvmlogin"设置的"UID"环境变量。但是"cvmlogin"在设置"UID"环境变量时处理内存分配错误失败。如果攻击者先进行消耗系统资源的攻击，导致"cvmlogin"设置"UID

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2001-1324

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2001-1324

请登录查看更多情报信息。

http://multivac.cwru.edu/idtools/admin_idtools.tar.bz2x_refsource_CONFIRM
http://www.securityfocus.com/bid/2934vdb-entryx_refsource_BID
http://securitytracker.com/id?1001839vdb-entryx_refsource_SECTRACK
https://nvd.nist.gov/vuln/detail/CVE-2001-1324

Same Patch Batch · n/a · 2002-05-03 · 218 CVEs total

CVE-2002-0272		MPG321文件名ArgV缓冲区溢出漏洞
CVE-2002-0257		MakeBid Auction Deluxe跨站脚本攻击（XSS）漏洞
CVE-2002-0258		IceWarp Web Mail会话ID泄露漏洞
CVE-2002-0259		InstantServers MiniPortal敏感文件纯文本存储漏洞
CVE-2002-0260		InstantServers MiniPortal FTP远程登录缓冲区溢出漏洞
CVE-2002-0261		InstantServers MiniPortal目录遍历漏洞
CVE-2002-0262		Sybex E-Trainer软件相关路径过滤目录遍历漏洞
CVE-2002-0263		EZNE.NET Ezboard 2000远程缓冲溢出漏洞
CVE-2002-0264		Cooolsoft PowerFTP Server纯文本账户信息漏洞
CVE-2002-0266		Thunderstone TEXIS路径泄露漏洞
CVE-2002-0268		Identix BioLogon GINA认证绕过漏洞
CVE-2002-0269		Microsoft Internet Explorer 安全漏洞
CVE-2002-0270		Opera Content-Type HTML文件执行漏洞
CVE-2002-0271		GNU Ada Compiler运行库泄露和临时文件创建漏洞
CVE-2002-0286		Sitenews未认证用户添加漏洞
CVE-2002-0283		Windows XP服务拒绝（CPU消耗）漏洞
CVE-2002-0284		Winamp路径名称泄露漏洞
CVE-2002-0285		Outlook Express的附件回车/换行密封过滤绕过漏洞
CVE-2002-0282		DCP-Portal WWW根目录绝对路径泄漏漏洞
CVE-2002-0288		Phusion Webserver目录遍历漏洞

Showing top 20 of 218 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2001-1324

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2001-1324

I. Basic Information for CVE-2001-1324

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2001-1324

III. Intelligence Information for CVE-2001-1324

Same Patch Batch · n/a · 2002-05-03 · 218 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2001-1324

Leave a comment