Vulnerability Description
The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux-Ax25 | Ax25-Tools | < 0.0.8-13 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/cve-2011-2910Broken Link
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2910Issue TrackingThird Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2011-2910Third Party Advisory
- https://access.redhat.com/security/cve/cve-2011-2910Broken Link
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2910Issue TrackingThird Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2011-2910Third Party Advisory
FAQ
What is CVE-2011-2910?
CVE-2011-2910 is a vulnerability with a CVSS score of 6.7 (MEDIUM). The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would c...
How severe is CVE-2011-2910?
CVE-2011-2910 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2910?
Check the references section above for vendor advisories and patch information. Affected products include: Linux-Ax25 Ax25-Tools, Debian Debian Linux.