Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.
References
Link | Resource |
---|---|
https://bbs.archlinux.org/viewtopic.php?id=64066&p=1 | Exploit Third Party Advisory |
https://www.openwall.com/lists/oss-security/2011/11/22/4 | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-02-12T18:11:17
Updated: 2020-02-12T18:11:17
Reserved: 2011-11-04T00:00:00
Link: CVE-2011-4338
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-02-12T19:15:13.203
Modified: 2020-02-25T18:54:33.713
Link: CVE-2011-4338
JSON object: View
Redhat Information
No data.
CWE