Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1946

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2011-1946
Last Modified 08 Jul 2011 12:00:00
Published 07 Jul 2011 05:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-1946

Summary

gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts.

Vulnerable Systems

Application

  • Hongli Lai Libgnomesu 1.0.0


References

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=695627

MLIST - [oss-security] 20110531 Re: CVE request: libgnomesu privilege escalation

MLIST - [oss-security] 20110530 CVE request: libgnomesu privilege escalation

XF - libgnomesu-setuid-privilege-escalation(67720)

BID - 48035

Related Patches

Novell SUSE 2011:7580 libgnomesu security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:56:52