CVE-2011-2910

Sažetak

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.

Reference

https://access.redhat.com/security/cve/cve-2011-2910
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2910
https://security-tracker.debian.org/tracker/CVE-2011-2910

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

26-11-2019 - 15:08

Objavljeno

15-11-2019 - 17:15