Home > Vulnerability Database > CVE-2011-0523

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2011-0523

Date: August 13, 2012

gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors.

Language: C

Severity Score

2.9

Related Resources (13)

Url: http://lists.opensuse.org/opensuse-updates/2012-07/msg00034.html

Url: http://cgit.freedesktop.org/gypsy/commit/?id=40101707cddb319481133b2a137294b6b669bd16

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107020.html

Url: https://bugs.freedesktop.org/show_bug.cgi?id=33431

Url: http://www.openwall.com/lists/oss-security/2011/01/24/10

Url: http://www.openwall.com/lists/oss-security/2011/01/25/10

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106919.html

Url: https://access.redhat.com/security/cve/CVE-2011-0523

Url: http://secunia.com/advisories/49991

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-0523

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106927.html

Url: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323

Url: https://www.mend.io/vulnerability-database/CVE-2011-0523

Severity Score

2.9

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	2.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	1.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us