CVE-2011-4122 - OpenCVE

Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:*

References

Link	Resource
http://c-skills.blogspot.com/2011/11/openpam-trickery.html	Exploit
http://openwall.com/lists/oss-security/2011/12/07/3
http://openwall.com/lists/oss-security/2011/12/08/9
http://osvdb.org/76945
http://secunia.com/advisories/46756	Vendor Advisory
http://secunia.com/advisories/46804	Vendor Advisory
http://stealth.openwall.net/xSports/pamslam
http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c
https://exchange.xforce.ibmcloud.com/vulnerabilities/71205

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2011-11-17T19:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2011-10-18T00:00:00

Link: CVE-2011-4122

JSON object: View

NVD Information

Status : Modified

Published: 2011-11-17T19:55:01.563

Modified: 2017-08-29T01:30:27.647

Link: CVE-2011-4122

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-08T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://stealth.openwall.net/xSports/pamslam"}, {"name": "46756", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46756"}, {"name": "[oss-security] 20111207 Disputing CVE-2011-4122", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/12/07/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c"}, {"name": "openpam-Pamstart-privilege-escalation(71205)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71205"}, {"name": "76945", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/76945"}, {"tags": ["x_refsource_MISC"], "url": "http://c-skills.blogspot.com/2011/11/openpam-trickery.html"}, {"name": "[oss-security] 20111208 Re: Disputing CVE-2011-4122", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/12/08/9"}, {"name": "46804", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46804"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4122", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://stealth.openwall.net/xSports/pamslam", "refsource": "MISC", "url": "http://stealth.openwall.net/xSports/pamslam"}, {"name": "46756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46756"}, {"name": "[oss-security] 20111207 Disputing CVE-2011-4122", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/12/07/3"}, {"name": "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c", "refsource": "CONFIRM", "url": "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c"}, {"name": "openpam-Pamstart-privilege-escalation(71205)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71205"}, {"name": "76945", "refsource": "OSVDB", "url": "http://osvdb.org/76945"}, {"name": "http://c-skills.blogspot.com/2011/11/openpam-trickery.html", "refsource": "MISC", "url": "http://c-skills.blogspot.com/2011/11/openpam-trickery.html"}, {"name": "[oss-security] 20111208 Re: Disputing CVE-2011-4122", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/12/08/9"}, {"name": "46804", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46804"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4122", "datePublished": "2011-11-17T19:00:00", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "9899C87E-2C09-46AE-BC24-1ACF012784CA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio en el archivo openpam_configure.c en OpenPAM anterior a versi\u00f3n r478 en FreeBSD versi\u00f3n 8.1, permite a los usuarios locales cargar DSO arbitrarios y alcanzar privilegios por medio de un .. (punto) en el argumento service_name para la funci\u00f3n pam_start, como es demostrado por un .. en la opci\u00f3n -c en kcheckpass."}], "id": "CVE-2011-4122", "lastModified": "2017-08-29T01:30:27.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-11-17T19:55:01.563", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://c-skills.blogspot.com/2011/11/openpam-trickery.html"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/12/07/3"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/12/08/9"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/76945"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46756"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46804"}, {"source": "secalert@redhat.com", "url": "http://stealth.openwall.net/xSports/pamslam"}, {"source": "secalert@redhat.com", "url": "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71205"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}