OpenPAM 'pam_start()' Local Privilege Escalation Vulnerability
BID:50607
Info
OpenPAM 'pam_start()' Local Privilege Escalation Vulnerability
| Bugtraq ID: | 50607 |
| Class: | Design Error |
| CVE: |
CVE-2011-4122 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 09 2011 12:00AM |
| Updated: | Dec 23 2011 04:50PM |
| Credit: | IKCE |
| Vulnerable: |
OpenPAM OpenPAM 0 NetBSD NetBSD current pre20010805 NetBSD NetBSD current August 23 2006 NetBSD NetBSD 4.0.2 NetBSD NetBSD 4.0.1 NetBSD NetBSD current pre20061022 NetBSD NetBSD current pre20010701 NetBSD NetBSD Current NetBSD NetBSD 5.1 NetBSD NetBSD 4.0 BETA2 FreeBSD Freebsd 9.0-STABLE FreeBSD Freebsd 9.0-RELEASE FreeBSD Freebsd 9.0-RC3 FreeBSD Freebsd 9.0-RC1 FreeBSD Freebsd 8.2-STABLE FreeBSD Freebsd 8.2-STABLE FreeBSD Freebsd 8.2-RELEASE-p2 FreeBSD Freebsd 8.2-RELEASE-p1 FreeBSD Freebsd 8.2 - RELEASE -p3 FreeBSD Freebsd 8.2 FreeBSD Freebsd 8.1-RELEASE-p5 FreeBSD Freebsd 8.1-RELEASE-p4 FreeBSD FreeBSD 8.1-RELEASE FreeBSD FreeBSD 8.1-PRERELEASE FreeBSD Freebsd 8.1 FreeBSD Freebsd 7.4-STABLE FreeBSD Freebsd 7.4-RELEASE-p2 FreeBSD Freebsd 7.4 -RELEASE-p3 FreeBSD Freebsd 7.4 FreeBSD FreeBSD 7.3-STABLE FreeBSD Freebsd 7.3-RELEASE-p6 FreeBSD FreeBSD 7.3-RELEASE-p1 FreeBSD Freebsd 7.3 - RELEASE - p7 FreeBSD Freebsd 7.3 |
| Not Vulnerable: | |
Discussion
OpenPAM 'pam_start()' Local Privilege Escalation Vulnerability
OpenPAM is prone to a local privilege-escalation vulnerability.
Local attackers may exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
OpenPAM is prone to a local privilege-escalation vulnerability.
Local attackers may exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
Exploit / POC
OpenPAM 'pam_start()' Local Privilege Escalation Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
OpenPAM 'pam_start()' Local Privilege Escalation Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
OpenPAM 'pam_start()' Local Privilege Escalation Vulnerability
References:
References:
- Changeset 478 for trunk/lib/openpam_configure.c (OpenPAM)
- NetBSD Security Advisory 2011-008 (NetBSD)
- OpenPAM Homepage (OpenPAM)
- openpam trickery (CSkills)
- Potential OpenPAM Vulnerability (GMANE)