CVE-2011-4099

Published Feb 8, 2014

Last updated 11 years ago

CVSS info 4.6

Overview

Description: The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:libcap:libcap:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37972F96-847C-4FC3-86ED-26A8B921CC86",
            "versionEndIncluding": "2.21"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46EA77FD-A32F-4C18-9480-3B29F10C7969"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A3F14FF-14FB-4324-954A-2D358D330079"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8441A7F-E9B1-4D8C-B537-E0695962FFEA"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70F66014-3C80-49A0-93FB-A26270FDB11A"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F91CACA9-16A5-4555-A04E-311596E458C4"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0B2C85E-5B2A-4241-8FFD-FAE0EFB280E2"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "871942FF-7CA5-4C19-A245-9F8F9F9E5EB0"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC941B9F-C09A-4B51-9406-31D7EA9C69E4"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAB75E70-0033-414F-9803-CAA65BF4B489"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.09:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6204CACC-5B6A-4C14-83A8-929C6A120F9D"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3D34C8E-1924-4032-9C2C-0DC4252C99E5"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17BB37BB-C4D9-4302-A309-71806A27A5CF"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E85FEE1-A845-45A7-BCC0-D3100A914FB9"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A38D4EF-EC74-4B9A-A540-9F3974B812F4"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A519A7-4E10-45CE-83B4-86235CB2DB7D"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AD0FC55-E634-4067-A92F-0E4FAD1BE1AF"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66700E0B-D90F-4078-A6AB-FAA4D7E3BE6C"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BBE43A0-2E40-4D61-BBEA-F4969E7F6BA1"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA0A31AE-A947-4645-A55E-2048C6E08A4B"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "614134AD-8C32-4A72-9570-56D458B336B0"
          },
          {
            "criteria": "cpe:2.3:a:libcap:libcap:2.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2A3B426-F41A-4833-892E-913BC87B01FC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References