ID CVE-2011-2504
Summary Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory.
References
Vulnerable Configurations
  • cpe:2.3:a:xfree86:x11perf:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86:x11perf:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86:x11perf:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86:x11perf:1.5.3:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 13-02-2023 - 00:18)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 717672
title CVE-2011-2504 x11perfcomp has dot in its path
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment xorg-x11-utils is earlier than 0:7.5-6.el6
          oval oval:com.redhat.rhsa:tst:20130502001
        • comment xorg-x11-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130502002
      • AND
        • comment xorg-x11-server-utils is earlier than 0:7.5-13.el6
          oval oval:com.redhat.rhsa:tst:20130502003
        • comment xorg-x11-server-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376154
      • AND
        • comment xorg-x11-apps is earlier than 0:7.6-6.el6
          oval oval:com.redhat.rhsa:tst:20130502005
        • comment xorg-x11-apps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376152
rhsa
id RHSA-2013:0502
released 2013-02-20
severity Low
title RHSA-2013:0502: Core X11 clients security, bug fix, and enhancement update (Low)
rpms
  • xorg-x11-apps-0:7.6-6.el6
  • xorg-x11-apps-debuginfo-0:7.6-6.el6
  • xorg-x11-server-utils-0:7.5-13.el6
  • xorg-x11-server-utils-debuginfo-0:7.5-13.el6
  • xorg-x11-utils-0:7.5-6.el6
  • xorg-x11-utils-debuginfo-0:7.5-6.el6
refmap via4
bid 58082
misc https://bugzilla.redhat.com/show_bug.cgi?id=717672
mlist [xorg-announce] 20110727 [ANNOUNCE] x11perf 1.5.4
xf x11perf-priv-esc(82241)
Last major update 13-02-2023 - 00:18
Published 08-03-2013 - 22:55
Last modified 13-02-2023 - 00:18