Vulnerability Description
gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hongli Lai | Libgnomesu | 1.0.0 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2011/05/30/2Patch
- http://openwall.com/lists/oss-security/2011/05/31/11Patch
- http://www.securityfocus.com/bid/48035
- https://bugzilla.novell.com/show_bug.cgi?id=695627Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67720
- http://openwall.com/lists/oss-security/2011/05/30/2Patch
- http://openwall.com/lists/oss-security/2011/05/31/11Patch
- http://www.securityfocus.com/bid/48035
- https://bugzilla.novell.com/show_bug.cgi?id=695627Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67720
FAQ
What is CVE-2011-1946?
CVE-2011-1946 is a vulnerability with a CVSS score of 7.2 (HIGH). gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by ...
How severe is CVE-2011-1946?
CVE-2011-1946 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1946?
Check the references section above for vendor advisories and patch information. Affected products include: Hongli Lai Libgnomesu.