CVE-2011-2147
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2011-05-20 CVE Reserved
- 2011-05-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://lists.debian.org/debian-security/2011/05/msg00012.html | Mailing List | |
http://lists.debian.org/debian-security/2011/05/msg00013.html | Mailing List | |
http://lists.debian.org/debian-security/2011/05/msg00018.html | Mailing List | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/67822 | Vdb Entry | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openswan | Openswan | 2.2.0 | - | Affected |
Openswan | Openswan | 2.2.1 | - | Affected |