Lucene search

[email protected]CVE-2011-5275

HistoryMar 21, 2014 - 4:38 a.m.

CVE-2011-5275

2014-03-2104:38:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-5275

domain technologie control

dtc

install script

sudo permissions

chrootuid

dtc user

privileges

security vulnerability

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.4%

JSON

The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.

CPENameOperatorVersion
gplhost:domain_technologie_controlgplhost domain technologie controleq0.29.8
gplhost:domain_technologie_controlgplhost domain technologie controleq0.28.9
gplhost:domain_technologie_controlgplhost domain technologie controleq0.32.1
gplhost:domain_technologie_controlgplhost domain technologie controleq0.25.3
gplhost:domain_technologie_controlgplhost domain technologie controleq0.30.6
gplhost:domain_technologie_controlgplhost domain technologie controleq0.26.9
gplhost:domain_technologie_controlgplhost domain technologie controleq0.29.1
gplhost:domain_technologie_controlgplhost domain technologie controleq0.27.3
gplhost:domain_technologie_controlgplhost domain technologie controleq0.28.4
gplhost:domain_technologie_controlgplhost domain technologie controlle0.32.11

CPE	Name	Operator	Version
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.29.8
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.28.9
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.32.1
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.25.3
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.30.6
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.26.9
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.29.1
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.27.3
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.28.4
gplhost:domain_technologie_control	gplhost domain technologie control	le	0.32.11

Rows per page:

1-10 of 351

References

git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3

www.debian.org/security/2011/dsa-2365

bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.4%

JSON

Related for CVE-2011-5275

cvelist1 prion1 ubuntucve1