Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4122

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2011-4122
Last Modified 10 Jan 2012 12:00:00
Published 17 Nov 2011 02:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4122

Summary

Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass.

Vulnerable Systems

Operating System

  • Freebsd 7.3

  • Freebsd 8.1


References

XF - openpam-Pamstart-privilege-escalation(71205)

SECUNIA - 46804

SECUNIA - 46756

OSVDB - 76945

MISC - http://c-skills.blogspot.com/2011/11/openpam-trickery.html

CONFIRM - http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c

MISC - http://stealth.openwall.net/xSports/pamslam

MLIST - [oss-security] 20111208 Re: Disputing CVE-2011-4122

MLIST - [oss-security] 20111207 Disputing CVE-2011-4122


Last Updated: 27 May 2016 10:57:51