Lucene search

MitreCVE-2011-0468

HistoryApr 04, 2011 - 12:27 p.m.

CVE-2011-0468

2011-04-0412:27:36

CWE-264

mitre

web.nvd.nist.gov

aaa_base

privileges

shell metacharacters

filename

tab expansion

suse opensuse 11.3

opensuse 11.4

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion.

Affected configurations

Nvd

Node

opensuseopensuseMatch11.3

opensuseopensuseMatch11.4

VendorProductVersionCPE
opensuseopensuse11.3cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
opensuseopensuse11.4cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	opensuse	11.3	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
opensuse	opensuse	11.4	cpe:2.3:o:opensuse:opensuse:11.4:::::::*

References

lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

lists.opensuse.org/opensuse-updates/2011-03/msg00010.html

secunia.com/advisories/43825

support.novell.com/security/cve/CVE-2011-0468.html

www.osvdb.org/71253

www.securityfocus.com/bid/46983

bugzilla.novell.com/678827

exchange.xforce.ibmcloud.com/vulnerabilities/66245

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2011-0468