Search criteria
1 vulnerability by shaman_project
CVE-2011-4338 (GCVE-0-2011-4338)
Vulnerability from cvelistv5 – Published: 2020-02-12 18:11 – Updated: 2024-08-07 00:01
VLAI?
Summary
Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.
Severity ?
No CVSS data available.
CWE
- authorization error
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
| https://bbs.archlinux.org/viewtopic.php?id=64066&p=1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "shaman",
"vendor": "shaman",
"versions": [
{
"status": "affected",
"version": "1.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authorization error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T18:11:17.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "shaman",
"version": {
"version_data": [
{
"version_value": "1.0.9"
}
]
}
}
]
},
"vendor_name": "shaman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authorization error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/11/22/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
},
{
"name": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1",
"refsource": "MISC",
"url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4338",
"datePublished": "2020-02-12T18:11:17.000Z",
"dateReserved": "2011-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:51.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}