CVE-2011-1849
published 2011-05-13CVE-2011-1849: tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute…
PriorityP356critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
10.57%
95.2th percentile
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | intelligent_management_center | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat4.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3xmp-547j-hfx2: tftpserver
ghsa_unreviewed·2022-05-13
CVE-2011-1849 [HIGH] CWE-20 GHSA-3xmp-547j-hfx2: tftpserver
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.
Red Hat
kernel: possible privilege escalation via SG_IO ioctl
vendor_redhat·2011-12-22·CVSS 4.6
CVE-2011-4127 [MEDIUM] CWE-284 kernel: possible privilege escalation via SG_IO ioctl
kernel: possible privilege escalation via SG_IO ioctl
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
Statement: This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4,
5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0107.html, https://rhn.redhat.com/errata/RHSA-2011-1849.html, and https://rhn.redhat.com/errata/RHSA-2012-0333.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/upda
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750http://securitytracker.com/id?1025519http://www.securityfocus.com/bid/47789http://www.zerodayinitiative.com/advisories/ZDI-11-161/http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750http://securitytracker.com/id?1025519http://www.securityfocus.com/bid/47789http://www.zerodayinitiative.com/advisories/ZDI-11-161/
2011-05-13
Published