Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.9
CVE Id: CVE-2011-5054
Last Modified: 31 Jan 2012 11:12:38
Published: 06 Jan 2012 04:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-5054

Summary

kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."

Vulnerable Systems

Application

  • KDE kcheckpass


References

MLIST - [oss-security] 20120102 Re: Disputing CVE-2011-4122

MLIST - [oss-security] 20111228 Re: Disputing CVE-2011-4122

MLIST - [oss-security] 20111226 Re: Disputing CVE-2011-4122

MLIST - [oss-security] 20111224 Re: Disputing CVE-2011-4122

MLIST - [oss-security] 20111208 Re: Disputing CVE-2011-4122

MLIST - [oss-security] 20111207 Disputing CVE-2011-4122

MISC - http://c-skills.blogspot.com/2011/11/openpam-trickery.html

XF - kcheckpass-pamstart-priv-esc(72230)


Last Updated: 27 May 2016 10:57:18