Lucene search

Ubuntu.comUB:CVE-2011-4125

HistoryOct 27, 2021 - 12:00 a.m.

CVE-2011-4125

2021-10-2700:00:00

ubuntu.com

cve-2011-4125

calibre

untrusted search path

linux

root execution

ubuntu

udisk-based shell script

martin pitt

calibre package

setuid helper

10.04 lts

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

74.1%

JSON

A untrusted search path issue was found in Calibre at
devices/linux_mount_helper.c leading to the ability of unprivileged users
to execute any program as root.

Notes

Author	Note
sbeattie	Ubuntu, from 10.10 (maverick) and after, uses the udisk-based shell script that Martin Pitt wrote instead of the upstream calibre setuid helper. In Ubuntu 10.04 LTS (lucid), the calibre package does not include the setuid helper at all.

References

launchpad.net/bugs/cve/CVE-2011-4125

nvd.nist.gov/vuln/detail/CVE-2011-4125

security-tracker.debian.org/tracker/CVE-2011-4125

www.cve.org/CVERecord?id=CVE-2011-4125

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

74.1%

JSON

Related for UB:CVE-2011-4125