Vulnerability Details CVE-2011-2910
The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.3%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 7.2
References
- https://access.redhat.com/security/cve/cve-2011-2910
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2910
- https://security-tracker.debian.org/tracker/CVE-2011-2910
- https://access.redhat.com/security/cve/cve-2011-2910
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2910
- https://security-tracker.debian.org/tracker/CVE-2011-2910
Products affected by CVE-2011-2910
-
cpe:2.3:a:linux-ax25:ax25-tools:-
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0