CVE-2001-1091 Information

Description

The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges which could allow local users to gain privileges via the RCMD_CMD environment variable.

Reference

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-014.txt.asc https://exchange.xforce.ibmcloud.com/vulnerabilities/7037