CVE-2011-1946

high

Description

gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts.
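The error-handling pattern described above, as an added C illustration (not libgnomesu code): a drop routine that reports a setgid/setuid failure and continues, beside one that fails closed. The id_ops struct, the simulated effective UID, the assumption that the helper starts privileged, the EAGAIN failure, and the UID/GID value 1000 are all constructed so the failure path can be exercised without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Injectable ID calls so the failure path runs without root (constructed). */
struct id_ops {
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
    uid_t (*get_euid)(void);
};
typedef int (*drop_fn)(const struct id_ops *, uid_t, gid_t);

static uid_t sim_euid;  /* simulated effective UID of the helper */
static int ok_setgid(gid_t g) { (void)g; return 0; }
static int ok_setuid(uid_t u) { sim_euid = u; return 0; }
static int failing_setuid(uid_t u) { (void)u; errno = EAGAIN; return -1; }
static uid_t sim_geteuid(void) { return sim_euid; }

static const struct id_ops working = { ok_setgid, ok_setuid, sim_geteuid };
static const struct id_ops failing = { ok_setgid, failing_setuid, sim_geteuid };

/* Pattern from the description: report the error, continue anyway. */
static int drop_unchecked(const struct id_ops *ops, uid_t uid, gid_t gid) {
    if (ops->set_gid(gid) != 0) perror("setgid");
    if (ops->set_uid(uid) != 0) perror("setuid");
    return 0;
}

/* Hardened: group first, then user; fail closed and verify the result. */
static int drop_checked(const struct id_ops *ops, uid_t uid, gid_t gid) {
    if (ops->set_gid(gid) != 0) return -1;
    if (ops->set_uid(uid) != 0) return -1;
    return ops->get_euid() == uid ? 0 : -1;
}

/* Effective UID the command would run with, or -1 if launch is refused. */
static long launch_euid(drop_fn drop, const struct id_ops *ops, uid_t uid, gid_t gid) {
    sim_euid = 0;  /* assumption: helper starts privileged */
    if (drop(ops, uid, gid) != 0) return -1;
    return (long)ops->get_euid();
}

int main(void) {
    printf("unchecked, setuid fails: euid=%ld\n", launch_euid(drop_unchecked, &failing, 1000, 1000));
    printf("checked,   setuid fails: euid=%ld\n", launch_euid(drop_checked, &failing, 1000, 1000));
    printf("checked,   setuid works: euid=%ld\n", launch_euid(drop_checked, &working, 1000, 1000));
    return 0;
}
```

In real code the same rule applies directly to setgid() and setuid(): treat a non-zero return as fatal before executing anything on the caller's behalf.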

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/67720

https://bugzilla.novell.com/show_bug.cgi?id=695627

http://www.securityfocus.com/bid/48035

http://openwall.com/lists/oss-security/2011/05/31/11

http://openwall.com/lists/oss-security/2011/05/30/2

Details

Source: Mitre, NVD

Published: 2011-07-07

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High