Lucene search

[email protected]CVE-2011-4122

HistoryNov 17, 2011 - 7:55 p.m.

CVE-2011-4122

2011-11-1719:55:01

CWE-22

[email protected]

web.nvd.nist.gov

cve

2011

4122

directory traversal

openpam

freebsd

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.8%

JSON

Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a … (dot dot) in the service_name argument to the pam_start function, as demonstrated by a … in the -c option to kcheckpass.

Affected configurations

NVD

Node

freebsdfreebsdMatch8.1

CPENameOperatorVersion
freebsd:freebsdfreebsdeq8.1

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	8.1

References

c-skills.blogspot.com/2011/11/openpam-trickery.html

openwall.com/lists/oss-security/2011/12/07/3

openwall.com/lists/oss-security/2011/12/08/9

osvdb.org/76945

secunia.com/advisories/46756

secunia.com/advisories/46804

stealth.openwall.net/xSports/pamslam

trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c

exchange.xforce.ibmcloud.com/vulnerabilities/71205

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.8%

JSON

Related for CVE-2011-4122

prion2 freebsd1 openvas2 cvelist2 freebsd_advisory1 nvd2 securityvulns2 nessus1 cve1