CVE-2011-0468

The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/43825	Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2011-03/msg00010.html	Vendor Advisory
http://support.novell.com/security/cve/CVE-2011-0468.html
http://www.osvdb.org/71253
http://www.securityfocus.com/bid/46983
https://bugzilla.novell.com/678827
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/66245

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.4:::::::*

Information

Published : 2011-04-04 05:27

Updated : 2018-10-30 09:27

NVD link : CVE-2011-0468

Mitre link : CVE-2011-0468

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

opensuse

opensuse

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/43825", "name": "43825", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-updates/2011-03/msg00010.html", "name": "[opensuse-updates] 20110322 openSUSE-SU-2011:0207-1 (moderate): aaa_base security update", "tags": ["Vendor Advisory"], "refsource": "MLIST"}, {"url": "http://support.novell.com/security/cve/CVE-2011-0468.html", "name": "http://support.novell.com/security/cve/CVE-2011-0468.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/71253", "name": "71253", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/46983", "name": "46983", "tags": [], "refsource": "BID"}, {"url": "https://bugzilla.novell.com/678827", "name": "https://bugzilla.novell.com/678827", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", "name": "SUSE-SR:2011:005", "tags": [], "refsource": "SUSE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66245", "name": "aaabase-filename-privilege-escalation(66245)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-0468", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-04-04T12:27Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:27Z"}