CVE-2011-1946
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
07/07/2011
Last modified:
11/04/2025
Description
gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts.
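The failure mode described above, as an added example in C that is not libgnomesu's code: `drop_unchecked` reports a failed `setgid`/`setuid` and continues, while `drop_checked` fails closed so the caller can exit before running anything. The function names, the hook typedefs and the stub functions are hypothetical, introduced so the failure path can be exercised without root.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hooks: pass setgid/setuid in production, stubs when testing. */
typedef int (*setgid_fn)(gid_t);
typedef int (*setuid_fn)(uid_t);

/* Pattern from the description: report the error, then carry on as if the
 * drop succeeded. The caller goes on to run the command with the helper's
 * original (privileged) IDs. */
int drop_unchecked(setgid_fn sg, setuid_fn su, uid_t uid, gid_t gid)
{
    if (sg(gid) != 0)
        fprintf(stderr, "setgid failed: %s\n", strerror(errno));
    if (su(uid) != 0)
        fprintf(stderr, "setuid failed: %s\n", strerror(errno));
    return 0;
}

/* Fail closed: group first (it cannot be changed once the UID is dropped),
 * and any failure is returned so the caller can exit before exec. */
int drop_checked(setgid_fn sg, setuid_fn su, uid_t uid, gid_t gid)
{
    if (sg(gid) != 0)
        return -1;
    if (su(uid) != 0)
        return -1;
    return 0;
}

/* Constructed stubs that simulate the kernel's answers. */
int stub_ok_gid(gid_t g)   { (void)g; return 0; }
int stub_ok_uid(uid_t u)   { (void)u; return 0; }
int stub_fail_uid(uid_t u) { (void)u; errno = EAGAIN; return -1; }

int main(void)
{
    uid_t uid = 1000; gid_t gid = 1000;   /* constructed target IDs */
    printf("unchecked, setuid fails: %d\n",
           drop_unchecked(stub_ok_gid, stub_fail_uid, uid, gid));
    printf("checked,   setuid fails: %d\n",
           drop_checked(stub_ok_gid, stub_fail_uid, uid, gid));
    printf("checked,   both succeed: %d\n",
           drop_checked(stub_ok_gid, stub_ok_uid, uid, gid));
    return 0;
}
```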
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:hongli_lai:libgnomesu:1.0.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://openwall.com/lists/oss-security/2011/05/30/2
- http://openwall.com/lists/oss-security/2011/05/31/11
- http://www.securityfocus.com/bid/48035
- https://bugzilla.novell.com/show_bug.cgi?id=695627
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67720



