6.9
CVE-2011-5054
- EPSS 0.33%
- Veröffentlicht 06.01.2012 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:35:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.25 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://c-skills.blogspot.com/2011/11/openpam-trickery.html
http://openwall.com/lists/oss-security/2011/12/07/3
http://openwall.com/lists/oss-security/2011/12/08/9
http://openwall.com/lists/oss-security/2011/12/23/8
http://openwall.com/lists/oss-security/2011/12/27/1
http://openwall.com/lists/oss-security/2011/12/27/3
http://openwall.com/lists/oss-security/2011/12/28/5
http://openwall.com/lists/oss-security/2012/01/02/10
http://openwall.com/lists/oss-security/2012/01/02/11
https://exchange.xforce.ibmcloud.com/vulnerabilities/72230