CVE-2011-3628
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.
Vulnerabilidad de búsqueda de ruta no confiable en pam_motd (también conocido como el modulo MOTD) en libpam-modules anterior a 1.1.3-2ubuntu2.1 en Ubuntu 11.10, anterior a 1.1.2-2ubuntu8.4 en Ubuntu 11.04, anterior a 1.1.1-4ubuntu2.4 en Ubuntu 10.10, anterior a 1.1.1-2ubuntu5.4 en Ubuntu 10.04 LTS, y anterior a 0.99.7.1-5ubuntu6.5 en Ubuntu 8.04 LTS, cuando se usan ciertas configuraciones tales como "sesiones opcionales en pam_motd.so", permite a usuarios locales ganar privilegios mediante la modificación de la variable de entorno PATH para referenciar comandos maliciosos, como se demostró a través de uname.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-09-21 CVE Reserved
- 2011-10-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://bugs.launchpad.net/ubuntu/%2Bsource/pam/%2Bbug/610125 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ubuntu.com/usn/USN-1237-1 | 2014-04-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Libpam-modules Search vendor "Canonical" for product "Libpam-modules" | 0.9.7 Search vendor "Canonical" for product "Libpam-modules" and version "0.9.7" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Libpam-modules Search vendor "Canonical" for product "Libpam-modules" | 1.1.1 Search vendor "Canonical" for product "Libpam-modules" and version "1.1.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Libpam-modules Search vendor "Canonical" for product "Libpam-modules" | 1.1.2 Search vendor "Canonical" for product "Libpam-modules" and version "1.1.2" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Libpam-modules Search vendor "Canonical" for product "Libpam-modules" | 1.1.3 Search vendor "Canonical" for product "Libpam-modules" and version "1.1.3" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 11.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "11.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 11.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "11.10" | - |
Affected
| ||||||