CVE-2011-0995

2011-05-1317:05:41

CWE-264

mitre

web.nvd.nist.gov

cve-2011-0995

sqlite3-ruby

rubygem-sqlite3

suse linux enterprise

weak permissions

local users

gain privileges

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

19.8%

JSON

The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.

Affected configurations

Nvd

Node

rubyforgerubygem-sqlite3Range≤1.2.3

rubyforgerubygem-sqlite3Match1.2.0

rubyforgerubygem-sqlite3Match1.2.1

rubyforgerubygem-sqlite3Match1.2.2

AND

novellsuse_linux_enterpriseMatch11sp1

VendorProductVersionCPE
rubyforgerubygem-sqlite3*cpe:2.3:a:rubyforge:rubygem-sqlite3:*:*:*:*:*:*:*:*
rubyforgerubygem-sqlite31.2.0cpe:2.3:a:rubyforge:rubygem-sqlite3:1.2.0:*:*:*:*:*:*:*
rubyforgerubygem-sqlite31.2.1cpe:2.3:a:rubyforge:rubygem-sqlite3:1.2.1:*:*:*:*:*:*:*
rubyforgerubygem-sqlite31.2.2cpe:2.3:a:rubyforge:rubygem-sqlite3:1.2.2:*:*:*:*:*:*:*
novellsuse_linux_enterprise11cpe:2.3:o:novell:suse_linux_enterprise:11:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
rubyforge	rubygem-sqlite3	*	cpe:2.3:a:rubyforge:rubygem-sqlite3::::::::
rubyforge	rubygem-sqlite3	1.2.0	cpe:2.3:a:rubyforge:rubygem-sqlite3:1.2.0:::::::*
rubyforge	rubygem-sqlite3	1.2.1	cpe:2.3:a:rubyforge:rubygem-sqlite3:1.2.1:::::::*
rubyforge	rubygem-sqlite3	1.2.2	cpe:2.3:a:rubyforge:rubygem-sqlite3:1.2.2:::::::*
novell	suse_linux_enterprise	11	cpe:2.3:o:novell:suse_linux_enterprise:11:sp1::::::