[email protected]NVD:CVE-2011-0523

HistoryAug 13, 2012 - 8:55 p.m.

CVE-2011-0523

2012-08-1320:55:01

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors.

Affected configurations

Nvd

Node

iaingypsyMatch0.8

VendorProductVersionCPE
iaingypsy0.8cpe:2.3:a:iain:gypsy:0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iain	gypsy	0.8	cpe:2.3:a:iain:gypsy:0.8:::::::*

References

cgit.freedesktop.org/gypsy/commit/?id=40101707cddb319481133b2a137294b6b669bd16

lists.fedoraproject.org/pipermail/package-announce/2013-May/106919.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/106927.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/107020.html

lists.opensuse.org/opensuse-updates/2012-07/msg00034.html

secunia.com/advisories/49991

www.openwall.com/lists/oss-security/2011/01/24/10

www.openwall.com/lists/oss-security/2011/01/25/10

bugs.freedesktop.org/show_bug.cgi?id=33431

bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2011-0523

cvelist1 cve1 prion1 ubuntucve1 nessus5 openvas4 fedora3