exploitDog

CVE-2011-4338

Опубликовано: 12 фев. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.

Ссылки

https://bbs.archlinux.org/viewtopic.php?id=64066&p=1
Exploit
Third Party Advisory
https://www.openwall.com/lists/oss-security/2011/11/22/4
Mailing List
Third Party Advisory
https://bbs.archlinux.org/viewtopic.php?id=64066&p=1
Exploit
Third Party Advisory
https://www.openwall.com/lists/oss-security/2011/11/22/4
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shaman_project:shaman:1.0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.0004

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-gx3r-q563-w43q

github

почти 4 года назад

Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.

EPSS

Процентиль: 12%

0.0004

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-287