CVE-2011-0523

gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://cgit.freedesktop.org/gypsy/commit/?id=40101707cddb319481133b2a137294b6b669bd16	Exploit Patch
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106919.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106927.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107020.html
http://lists.opensuse.org/opensuse-updates/2012-07/msg00034.html
http://secunia.com/advisories/49991	Vendor Advisory
http://www.openwall.com/lists/oss-security/2011/01/24/10
http://www.openwall.com/lists/oss-security/2011/01/25/10
https://bugs.freedesktop.org/show_bug.cgi?id=33431
https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323

Configurations

Configuration 1 (hide)

cpe:2.3:a:iain:gypsy:0.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-08-13 20:55

Updated : 2024-02-28 12:00

NVD link : CVE-2011-0523

Mitre link : CVE-2011-0523

CVE.ORG link : CVE-2011-0523

JSON object : View

Products Affected

iain

gypsy

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2011-0523", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-13T20:55:01.647", "references": [{"url": "http://cgit.freedesktop.org/gypsy/commit/?id=40101707cddb319481133b2a137294b6b669bd16", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106919.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106927.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107020.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00034.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/49991", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2011/01/24/10", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2011/01/25/10", "source": "secalert@redhat.com"}, {"url": "https://bugs.freedesktop.org/show_bug.cgi?id=33431", "source": "secalert@redhat.com"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors."}, {"lang": "es", "value": "gypsy v0.8 no restringe adecuadamente los archivos que se pueden leer cuando se ejecuta con privilegios de superadministrador, lo que permite a usuarios locales leer algunos ficheros restringidos a trav\u00e9s de vectores no especificados.\r\n"}], "lastModified": "2013-12-13T04:46:45.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iain:gypsy:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24D0541B-DE92-4B8D-AEB6-488E86B10128"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}