exploitDog

CVE-2011-5054

Опубликовано: 06 янв. 2012

Источник: nvd

CVSS2: 6.9

EPSS Низкий

Описание

kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kde:kcheckpass:*:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.00039

Низкий

6.9 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2011-5054

debian

около 14 лет назад

kcheckpass passes a user-supplied argument to the pam_start function, ...

GHSA-5589-2667-wwgx

github

больше 3 лет назад

kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."

EPSS

Процентиль: 12%

0.00039

Низкий

6.9 Medium

CVSS2

Дефекты

CWE-287