The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/cve-2011-2910 | Broken Link |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2910 | Issue Tracking Third Party Advisory |
https://security-tracker.debian.org/tracker/CVE-2011-2910 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2019-11-15T16:37:29
Updated: 2019-11-15T16:37:29
Reserved: 2011-07-27T00:00:00
Link: CVE-2011-2910
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-11-15T17:15:12.617
Modified: 2019-11-26T15:08:52.157
Link: CVE-2011-2910
JSON object: View
Redhat Information
No data.
CWE