[email protected]CVE-2011-0523

HistoryAug 13, 2012 - 8:55 p.m.

CVE-2011-0523

2012-08-1320:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-0523

gypsy 0.8

root privilege

file read

local users

nvd

5.9 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors.

CPENameOperatorVersion
iain:gypsyiain gypsyeq0.8

CPE	Name	Operator	Version
iain:gypsy	iain gypsy	eq	0.8

References

cgit.freedesktop.org/gypsy/commit/?id=40101707cddb319481133b2a137294b6b669bd16

lists.fedoraproject.org/pipermail/package-announce/2013-May/106919.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/106927.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/107020.html

lists.opensuse.org/opensuse-updates/2012-07/msg00034.html

secunia.com/advisories/49991

www.openwall.com/lists/oss-security/2011/01/24/10

www.openwall.com/lists/oss-security/2011/01/25/10

bugs.freedesktop.org/show_bug.cgi?id=33431

bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323

5.9 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2011-0523

ubuntucve1 prion1 openvas4 fedora3 nessus4