CVE-2011-5054
Published: Jan 6, 2012
Modified: Aug 7, 2024
PUBLISHED
Description
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| kcheckpass-pamstart-priv-esc(72230) | vdb-entry, x_refsource_XF |
| [oss-security] 20111207 Disputing CVE-2011-4122 | mailing-list, x_refsource_MLIST |
| [oss-security] 20111228 Re: Disputing CVE-2011-4122 | mailing-list, x_refsource_MLIST |
| [oss-security] 20111228 Re: Disputing CVE-2011-4122 | mailing-list, x_refsource_MLIST |
| [oss-security] 20111224 Re: Disputing CVE-2011-4122 | mailing-list, x_refsource_MLIST |
| [oss-security] 20120102 Re: Disputing CVE-2011-4122 | mailing-list, x_refsource_MLIST |
| [oss-security] 20111226 Re: Disputing CVE-2011-4122 | mailing-list, x_refsource_MLIST |
| http://c-skills.blogspot.com/2011/11/openpam-trickery.html | x_refsource_MISC |
| [oss-security] 20111208 Re: Disputing CVE-2011-4122 | mailing-list, x_refsource_MLIST |
| [oss-security] 20120102 Re: Disputing CVE-2011-4122 | mailing-list, x_refsource_MLIST |