Vulnerability Details : CVE-2011-5054
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2011-5054
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-5054
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2011-5054
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-5054
-
http://openwall.com/lists/oss-security/2011/12/08/9
oss-security - Re: Disputing CVE-2011-4122
-
http://openwall.com/lists/oss-security/2011/12/07/3
oss-security - Disputing CVE-2011-4122
-
http://openwall.com/lists/oss-security/2011/12/28/5
oss-security - Re: Disputing CVE-2011-4122
-
http://openwall.com/lists/oss-security/2012/01/02/10
oss-security - Re: Disputing CVE-2011-4122
-
http://openwall.com/lists/oss-security/2011/12/27/3
oss-security - Re: Disputing CVE-2011-4122
-
http://c-skills.blogspot.com/2011/11/openpam-trickery.html
C-skills: openpam trickery
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/72230
kcheckpass pam_start privilege escalation CVE-2011-5054 Vulnerability Report
-
http://openwall.com/lists/oss-security/2011/12/27/1
oss-security - Re: Disputing CVE-2011-4122
-
http://openwall.com/lists/oss-security/2011/12/23/8
oss-security - Re: Disputing CVE-2011-4122
-
http://openwall.com/lists/oss-security/2012/01/02/11
oss-security - Re: Disputing CVE-2011-4122
Products affected by CVE-2011-5054
- cpe:2.3:a:kde:kcheckpass:*:*:*:*:*:*:*:*