PT-2011-4851 · Openpam · Openam

Jeff Mitchell

Publicado

2011-11-17

Atualizado

2017-08-29

CVE-2011-4122

CVSS v2.0

6.9

Média

Vetor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OpenPAM versions prior to r478

Description A directory traversal issue exists, allowing local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service name argument to the pam start() function. This can be demonstrated by using a .. in the -c option to kcheckpass.

Recommendations For OpenPAM versions prior to r478, update to version r478 or later to resolve the issue. As a temporary workaround, consider restricting access to the pam start() function to minimize the risk of exploitation. Avoid using the service name argument with untrusted input in the pam start() function until the issue is resolved.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2011-4122

Produtos afetados

Openam

PT-2011-4851 · Openpam · Openam

CVE-2011-4122

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11