Lucene search

[email protected]CVE-2011-1496

HistoryApr 18, 2011 - 6:55 p.m.

CVE-2011-1496

2011-04-1818:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve

2011

1496

tmux

group privileges

local users

utmp

command-line option

nvd

6.2 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

19.0%

JSON

tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.

CPENameOperatorVersion
nicholas_marriott:tmuxnicholas marriott tmuxeq1.3
nicholas_marriott:tmuxnicholas marriott tmuxeq1.4

CPE	Name	Operator	Version
nicholas_marriott:tmux	nicholas marriott tmux	eq	1.3
nicholas_marriott:tmux	nicholas marriott tmux	eq	1.4

References

lists.fedoraproject.org/pipermail/package-announce/2011-April/058367.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/058452.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/058548.html

secunia.com/advisories/44081

secunia.com/advisories/44239

www.debian.org/security/2011/dsa-2212

www.exploit-db.com/exploits/17147

www.securityfocus.com/bid/47283

www.vupen.com/english/advisories/2011/0897

www.vupen.com/english/advisories/2011/1002

www.vupen.com/english/advisories/2011/1015

exchange.xforce.ibmcloud.com/vulnerabilities/66693

6.2 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

19.0%

JSON

Related for CVE-2011-1496

openvas6 securityvulns1 fedora3 ubuntucve1 debian2 debiancve1 nessus4 seebug1 exploitpack1 prion1 packetstorm1 exploitdb1