Lucene search

[email protected]CVE-2011-4122

HistoryNov 17, 2011 - 7:55 p.m.

CVE-2011-4122

2011-11-1719:55:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2011

4122

directory traversal

openpam

freebsd

nvd

6.4 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

26.3%

JSON

Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a … (dot dot) in the service_name argument to the pam_start function, as demonstrated by a … in the -c option to kcheckpass.

CPENameOperatorVersion
freebsd:freebsdfreebsdeq8.1

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	8.1

References

c-skills.blogspot.com/2011/11/openpam-trickery.html

openwall.com/lists/oss-security/2011/12/07/3

openwall.com/lists/oss-security/2011/12/08/9

osvdb.org/76945

secunia.com/advisories/46756

secunia.com/advisories/46804

stealth.openwall.net/xSports/pamslam

trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c

exchange.xforce.ibmcloud.com/vulnerabilities/71205

6.4 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

26.3%

JSON

Related for CVE-2011-4122

openvas2 cvelist2 freebsd1 prion2 securityvulns2 freebsd_advisory1 nessus1 cve1