Vulnerability Description
tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nicholas Marriott | Tmux | 1.3 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058367.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058452.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058548.html
- http://secunia.com/advisories/44081Vendor Advisory
- http://secunia.com/advisories/44239Vendor Advisory
- http://www.debian.org/security/2011/dsa-2212
- http://www.exploit-db.com/exploits/17147Exploit
- http://www.securityfocus.com/bid/47283
- http://www.vupen.com/english/advisories/2011/0897Vendor Advisory
- http://www.vupen.com/english/advisories/2011/1002Vendor Advisory
- http://www.vupen.com/english/advisories/2011/1015Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66693
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058367.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058452.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058548.html
FAQ
What is CVE-2011-1496?
CVE-2011-1496 is a vulnerability with a CVSS score of 4.6 (MEDIUM). tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.
How severe is CVE-2011-1496?
CVE-2011-1496 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1496?
Check the references section above for vendor advisories and patch information. Affected products include: Nicholas Marriott Tmux.