CVE-2011-3628
Published Apr 15, 2014
Last updated 11 years ago
Overview
- Description
- Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:libpam-modules:0.9.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A9D1AEE-4A49-4597-874C-17B7594979CF"
},
{
"criteria": "cpe:2.3:a:canonical:libpam-modules:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E5D71CF-88D6-42CC-85DD-60FC1EBF070A"
},
{
"criteria": "cpe:2.3:a:canonical:libpam-modules:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5BCE095-762D-4EDB-8D59-8220A77D3C1B"
},
{
"criteria": "cpe:2.3:a:canonical:libpam-modules:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21685E73-4374-4176-9EE8-290E4814C922"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6DFE2D3-46E2-4D0C-8508-30307D654560"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"
}
],
"operator": "OR"
}
]
}
]