Lucene search

K

[email protected]NVD:CVE-2011-5054

HistoryJan 06, 2012 - 9:55 p.m.

CVE-2011-5054

2012-01-0621:55:01

CWE-287

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.8%

kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be “a bit far-fetched.”

Affected configurations

NVD

Node

kdekcheckpass

References

c-skills.blogspot.com/2011/11/openpam-trickery.html

openwall.com/lists/oss-security/2011/12/07/3

openwall.com/lists/oss-security/2011/12/08/9

openwall.com/lists/oss-security/2011/12/23/8

openwall.com/lists/oss-security/2011/12/27/1

openwall.com/lists/oss-security/2011/12/27/3

openwall.com/lists/oss-security/2011/12/28/5

openwall.com/lists/oss-security/2012/01/02/10

openwall.com/lists/oss-security/2012/01/02/11

exchange.xforce.ibmcloud.com/vulnerabilities/72230

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.8%

Related for NVD:CVE-2011-5054

cvelist2 prion2 cve2 openvas2 freebsd_advisory1 nvd1 securityvulns2 freebsd1 nessus1