Description
The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.
References (2)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/7037
Vendor Advisory (vendor-advisory, x_refsource_netbsd): ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-014.txt.asc
Scores
EPSS: 0.0006
EPSS Percentile: 18.6%
Details
Status: published
Products (6)
netbsd/netbsd 1.4
netbsd/netbsd 1.4.1
netbsd/netbsd 1.4.2
netbsd/netbsd 1.4.3
netbsd/netbsd 1.5
netbsd/netbsd 1.5.1
Published: Aug 23, 2001
Tracked Since: Feb 18, 2026