Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2011-5054

Опубликовано: 06 янв. 2012
Источник: debian
EPSS Низкий

Описание

kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."

Пакеты

ПакетСтатусВерсия исправленияРелизТип
kdebase-workspaceunfixedpackage

Примечания

  • the kcheckpass utility is not present in sid (still present in src package, will check with KDE maints)

  • Not exploitable without OpenPAM

EPSS

Процентиль: 12%
0.00039
Низкий

Связанные уязвимости

nvd логотип

CVE-2011-5054

nvd
около 14 лет назад

kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."

github логотип

GHSA-5589-2667-wwgx

github
больше 3 лет назад

kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."

EPSS

Процентиль: 12%
0.00039
Низкий