CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-3628

Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.9%

CVSS Severity

CVSS v2 Score 6.9

References

Products affected by CVE-2011-3628

Canonical » Libpam-Modules » Version: 0.9.7

cpe:2.3:a:canonical:libpam-modules:0.9.7
Canonical » Libpam-Modules » Version: 1.1.1

cpe:2.3:a:canonical:libpam-modules:1.1.1
Canonical » Libpam-Modules » Version: 1.1.2

cpe:2.3:a:canonical:libpam-modules:1.1.2
Canonical » Libpam-Modules » Version: 1.1.3

cpe:2.3:a:canonical:libpam-modules:1.1.3
Canonical » Ubuntu Linux » Version: 10.04

cpe:2.3:o:canonical:ubuntu_linux:10.04
Canonical » Ubuntu Linux » Version: 10.10

cpe:2.3:o:canonical:ubuntu_linux:10.10
Canonical » Ubuntu Linux » Version: 11.04

cpe:2.3:o:canonical:ubuntu_linux:11.04
Canonical » Ubuntu Linux » Version: 11.10

cpe:2.3:o:canonical:ubuntu_linux:11.10
Canonical » Ubuntu Linux » Version: 8.04

cpe:2.3:o:canonical:ubuntu_linux:8.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-3628

Products

Pricing

Contact Us