PT-2011-4851 · Openpam · Openam
Jeff Mitchell +1 · Published 2011-11-17 · Updated 2017-08-29 · CVE-2011-4122
CVSS v2.0: 6.9 Medium
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenPAM versions prior to r478
Description
A directory traversal issue exists, allowing local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service name argument to the pam_start() function. This can be demonstrated by using a .. in the -c option to kcheckpass.
Recommendations
For OpenPAM versions prior to r478, update to version r478 or later to resolve the issue. As a temporary workaround, consider restricting access to the pam_start() function to minimize the risk of exploitation. Until the issue is resolved, avoid passing untrusted input as the service name argument to pam_start().
Exploit
Fix
Path traversal
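A caller-side check that matches the workaround in the recommendations, added here as an example (it is not OpenPAM's code and not the r478 fix): it validates a service name against an allow-list before the name is passed to pam_start(). The names service_name_is_safe, build_policy_path, POLICY_DIR and SERVICE_MAX, the /etc/pam.d directory and the 64-character limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define POLICY_DIR  "/etc/pam.d" /* assumed policy directory */
#define SERVICE_MAX 64           /* assumed limit, not an OpenPAM constant */

/* Return 1 if name is safe to hand to pam_start() as the service name. */
int service_name_is_safe(const char *name)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > SERVICE_MAX)
        return 0;
    if (name[0] == '.')              /* rejects ".", ".." and dot-files */
        return 0;
    /* Allow-list check: any '/' or other separator fails here. */
    return strspn(name, allowed) == len;
}

/* Compose the policy path only for a validated name; 0 on success, -1 if refused. */
int build_policy_path(const char *name, char *out, size_t outlen)
{
    int n;

    if (!service_name_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", POLICY_DIR, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "login", "sshd", "..", "../other", "a/b", "" };
    char path[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_policy_path(samples[i], path, sizeof path) == 0)
            printf("accept %-10s -> %s\n", samples[i], path);
        else
            printf("reject \"%s\"\n", samples[i]);
    }
    return 0;
}
```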
Affected Products
Openam