Privilege Escalation via RCMD_CMD Environment Variable in NetBSD 1.4.x through 1.5.1

Privilege Escalation via RCMD_CMD Environment Variable in NetBSD 1.4.x through 1.5.1

CVE-2001-1091 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.

Learn more about our User Device Pen Test.