CVE-2001-0084 Information

Description

GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.

Reference

http://archives.neohapsis.com/archives/bugtraq/2000-12/0498.html http://archives.neohapsis.com/archives/bugtraq/2001-01/0027.html http://www.gtk.org/setuid.html http://www.securityfocus.com/bid/2165