ID CVE-2011-2504
Summary Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:xfree86:x11perf:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86:x11perf:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86:x11perf:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86:x11perf:1.5.3:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 29-08-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: LOCAL
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 717672
title CVE-2011-2504 x11perfcomp has dot in its path
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment xorg-x11-utils is earlier than 0:7.5-6.el6
        oval oval:com.redhat.rhsa:tst:20130502005
      • comment xorg-x11-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20130502006
    • AND
      • comment xorg-x11-server-utils is earlier than 0:7.5-13.el6
        oval oval:com.redhat.rhsa:tst:20130502007
      • comment xorg-x11-server-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376158
    • AND
      • comment xorg-x11-apps is earlier than 0:7.6-6.el6
        oval oval:com.redhat.rhsa:tst:20130502009
      • comment xorg-x11-apps is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376156
rhsa
id RHSA-2013:0502
released 2013-02-21
severity Low
title RHSA-2013:0502: Core X11 clients security, bug fix, and enhancement update (Low)
rpms
  • xorg-x11-utils-0:7.5-6.el6
  • xorg-x11-server-utils-0:7.5-13.el6
  • xorg-x11-apps-0:7.6-6.el6
refmap via4
bid 58082
misc https://bugzilla.redhat.com/show_bug.cgi?id=717672
mlist [xorg-announce] 20110727 [ANNOUNCE] x11perf 1.5.4
xf x11perf-priv-esc(82241)
Last major update 29-08-2017 - 01:29
Published 08-03-2013 - 22:55