CVE-2011-4122
Published 2011-11-17
Priority: P432 | Severity: medium | CVSS 2.0: 6.9
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.97% (57.5th percentile)
Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
GHSA
GHSA-5589-2667-wwgx: kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any config
ghsa_unreviewed·2022-05-17·CVSS 6.9
CVE-2011-5054 [MEDIUM] CWE-287 GHSA-5589-2667-wwgx: kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any config
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."
GHSA
GHSA-xh8r-pw4r-9vx4: Directory traversal vulnerability in openpam_configure
ghsa_unreviewed·2022-05-17
CVE-2011-4122 [MEDIUM] CWE-22 GHSA-xh8r-pw4r-9vx4: Directory traversal vulnerability in openpam_configure
Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass.
BSD
FreeBSD-SA-11:10.pam: pam_start() does not validate service names
bsd_advisories·2011-12-23·CVSS 6.9
CVE-2011-4122 [MEDIUM] FreeBSD-SA-11:10.pam: pam_start() does not validate service names
FreeBSD-SA-11:10.pam Security Advisory
The FreeBSD Project
Topic: pam_start() does not validate service names
Category: contrib
Module: pam
Announced: 2011-12-23
Credits: Matthias Drochner
Affects: All supported versions of FreeBSD.
Corrected: 2011-12-13 13:03:11 UTC (RELENG_7, 7.4-STABLE)
2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
2011-12-13 13:02:52 UTC (RELENG_8, 8.2-STABLE)
2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
2011-12-13 12:59:39 UTC (RELENG_9, 9.0-STABLE)
2011-12-13 13:02:31 UTC (RELENG_9_0, 9.0-RELEASE)
CVE Name: CVE-2011-4122
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches,
References
http://c-skills.blogspot.com/2011/11/openpam-trickery.html
http://openwall.com/lists/oss-security/2011/12/07/3
http://openwall.com/lists/oss-security/2011/12/08/9
http://osvdb.org/76945
http://secunia.com/advisories/46756
http://secunia.com/advisories/46804
http://stealth.openwall.net/xSports/pamslam
http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c
https://exchange.xforce.ibmcloud.com/vulnerabilities/71205