Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-3628

Опубликовано: 15 апр. 2014
Источник: nvd
CVSS2: 6.9
EPSS Низкий

Описание

Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.

Комментарий

Per: http://cwe.mitre.org/data/definitions/426.html

"CWE-426: Untrusted Search Path"

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:canonical:libpam-modules:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:canonical:libpam-modules:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:canonical:libpam-modules:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:canonical:libpam-modules:1.1.3:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

EPSS

Процентиль: 16%
0.00051
Низкий

6.9 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2011-3628

ubuntu
почти 12 лет назад

Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.

debian логотип

CVE-2011-3628

debian
почти 12 лет назад

Untrusted search path vulnerability in pam_motd (aka the MOTD module) ...

github логотип

GHSA-9hgw-rg97-xh38

github
больше 3 лет назад

Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.

EPSS

Процентиль: 16%
0.00051
Низкий

6.9 Medium

CVSS2

Дефекты

NVD-CWE-Other