CVE-2011-5054
 
Descriptions
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."
Timeline
- 2012-01-06 CVE Reserved
- 2012-01-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
CWE
- CWE-287: Improper Authentication
References (10)
URL | Tag | Source |
---|---|---|
http://c-skills.blogspot.com/2011/11/openpam-trickery.html | X_refsource_misc | |
http://openwall.com/lists/oss-security/2011/12/07/3 | Mailing List | |
http://openwall.com/lists/oss-security/2011/12/08/9 | Mailing List | |
http://openwall.com/lists/oss-security/2011/12/23/8 | Mailing List | |
http://openwall.com/lists/oss-security/2011/12/27/1 | Mailing List | |
http://openwall.com/lists/oss-security/2011/12/27/3 | Mailing List | |
http://openwall.com/lists/oss-security/2011/12/28/5 | Mailing List | |
http://openwall.com/lists/oss-security/2012/01/02/10 | Mailing List | |
http://openwall.com/lists/oss-security/2012/01/02/11 | Mailing List | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/72230 | Vdb Entry | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Kde | Kcheckpass | * | - | Affected |