CVE-2011-4099

The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2011-1694.html
https://bugzilla.redhat.com/show_bug.cgi?id=722694	Vendor Advisory
https://sites.google.com/site/fullycapable/release-notes-for-libcap/releasenotesfor222

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:libcap:libcap::::::::
	cpe:2.3:a:libcap:libcap:2.00:::::::*
	cpe:2.3:a:libcap:libcap:2.01:::::::*
	cpe:2.3:a:libcap:libcap:2.02:::::::*
	cpe:2.3:a:libcap:libcap:2.03:::::::*
	cpe:2.3:a:libcap:libcap:2.04:::::::*
	cpe:2.3:a:libcap:libcap:2.05:::::::*
	cpe:2.3:a:libcap:libcap:2.06:::::::*
	cpe:2.3:a:libcap:libcap:2.07:::::::*
	cpe:2.3:a:libcap:libcap:2.08:::::::*
	cpe:2.3:a:libcap:libcap:2.09:::::::*
	cpe:2.3:a:libcap:libcap:2.10:::::::*
	cpe:2.3:a:libcap:libcap:2.11:::::::*
	cpe:2.3:a:libcap:libcap:2.12:::::::*
	cpe:2.3:a:libcap:libcap:2.13:::::::*
	cpe:2.3:a:libcap:libcap:2.14:::::::*
	cpe:2.3:a:libcap:libcap:2.15:::::::*
	cpe:2.3:a:libcap:libcap:2.16:::::::*
	cpe:2.3:a:libcap:libcap:2.17:::::::*
	cpe:2.3:a:libcap:libcap:2.18:::::::*
	cpe:2.3:a:libcap:libcap:2.19:::::::*
	cpe:2.3:a:libcap:libcap:2.20:::::::*

History

No history.

Information

Published : 2014-02-08 00:55

Updated : 2014-02-10 15:09

NVD link : CVE-2011-4099

Mitre link : CVE-2011-4099

CVE.ORG link : CVE-2011-4099

JSON object : View

Products Affected

libcap

libcap

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2011-4099", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-08T00:55:05.863", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2011-1694.html", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722694", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://sites.google.com/site/fullycapable/release-notes-for-libcap/releasenotesfor222", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors."}, {"lang": "es", "value": "El programa capsh en libcap anterior a 2.22 no cambia el directorio de trabajo actual cuando la opci\u00f3n --chroot es especificada, lo que permite a usuarios locales evadir las restricciones chroot a trav\u00e9s de vectores no especificados."}], "lastModified": "2014-02-10T15:09:31.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libcap:libcap:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37972F96-847C-4FC3-86ED-26A8B921CC86", "versionEndIncluding": "2.21"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46EA77FD-A32F-4C18-9480-3B29F10C7969"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A3F14FF-14FB-4324-954A-2D358D330079"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8441A7F-E9B1-4D8C-B537-E0695962FFEA"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70F66014-3C80-49A0-93FB-A26270FDB11A"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F91CACA9-16A5-4555-A04E-311596E458C4"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0B2C85E-5B2A-4241-8FFD-FAE0EFB280E2"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "871942FF-7CA5-4C19-A245-9F8F9F9E5EB0"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC941B9F-C09A-4B51-9406-31D7EA9C69E4"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAB75E70-0033-414F-9803-CAA65BF4B489"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6204CACC-5B6A-4C14-83A8-929C6A120F9D"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3D34C8E-1924-4032-9C2C-0DC4252C99E5"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17BB37BB-C4D9-4302-A309-71806A27A5CF"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E85FEE1-A845-45A7-BCC0-D3100A914FB9"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A38D4EF-EC74-4B9A-A540-9F3974B812F4"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A519A7-4E10-45CE-83B4-86235CB2DB7D"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AD0FC55-E634-4067-A92F-0E4FAD1BE1AF"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66700E0B-D90F-4078-A6AB-FAA4D7E3BE6C"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBE43A0-2E40-4D61-BBEA-F4969E7F6BA1"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA0A31AE-A947-4645-A55E-2048C6E08A4B"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "614134AD-8C32-4A72-9570-56D458B336B0"}, {"criteria": "cpe:2.3:a:libcap:libcap:2.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2A3B426-F41A-4833-892E-913BC87B01FC"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}