NVD

Id
10642  
Name
CVE-2011-4122  
Description
Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass.  
Reject
 
CVSS Version
2  
CVSS Score
6.9  
Severity
Medium  
CVSS Base Score
6.9  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2011-11-17  
Modified Date
2012-01-10  
Seq
2011-4122  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
60186 10642 CVE-2011-4122 http://c-skills.blogspot.com/2011/11/openpam-trickery.html  View
60187 10642 CVE-2011-4122 [oss-security] 20111207 Disputing CVE-2011-4122  View
60188 10642 CVE-2011-4122 [oss-security] 20111208 Re: Disputing CVE-2011-4122  View
60189 10642 CVE-2011-4122 http://stealth.openwall.net/xSports/pamslam  View
60190 10642 CVE-2011-4122 http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c  View
60191 10642 CVE-2011-4122 openpam-Pamstart-privilege-escalation(71205)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
32748 JVNDB-2011-002988 FreeBSD の openpam_configure.c におけるディレクトリトラバーサルの脆弱性 FreeBSD の OpenPAM 内にある openpam_configure.c には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2011-4122 52029 CVE-2011-4122 10642 6.9 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002988.html 2011-11-17 2012-01-13 View