CVE-2011-2504

Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/58082
https://bugzilla.redhat.com/show_bug.cgi?id=717672
http://lists.freedesktop.org/archives/xorg-announce/2011-July/001715.html
http://rhn.redhat.com/errata/RHSA-2013-0502.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/82241

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:xfree86:x11perf:1.5:::::::*
	cpe:2.3:a:xfree86:x11perf:1.5.2:::::::*
	cpe:2.3:a:xfree86:x11perf::::::::
	cpe:2.3:a:xfree86:x11perf:1.5.1:::::::*

Information

Published : 2013-03-08 14:55

Updated : 2023-02-12 16:18

NVD link : CVE-2011-2504

Mitre link : CVE-2011-2504

JSON object : View

CWE

NVD-CWE-Other

Products Affected

xfree86

x11perf

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/58082", "name": "58082", "tags": [], "refsource": "BID"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=717672", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=717672", "tags": [], "refsource": "MISC"}, {"url": "http://lists.freedesktop.org/archives/xorg-announce/2011-July/001715.html", "name": "[xorg-announce] 20110727 [ANNOUNCE] x11perf 1.5.4", "tags": [], "refsource": "MLIST"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0502.html", "name": "RHSA-2013:0502", "tags": [], "refsource": "REDHAT"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82241", "name": "x11perf-priv-esc(82241)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-2504", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-03-08T22:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:xfree86:x11perf:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:xfree86:x11perf:1.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:xfree86:x11perf:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.5.3"}, {"cpe23Uri": "cpe:2.3:a:xfree86:x11perf:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T00:18Z"}

6.9 /10