Details of VAR-201104-0277

ID

VAR-201104-0277

CVE

CVE-2011-1496

TITLE

tmux In utmp Vulnerability to obtain group privileges

Trust: 0.8

sources: JVNDB: JVNDB-2011-004405

DESCRIPTION

tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option. Local attackers may exploit this issue to gain elevated privileges; other attacks may also be possible. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2212-1 security@debian.org http://www.debian.org/security/ Nico Golde April 7, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tmux Vulnerability : privilege escalation Problem type : local Debian-specific: yes CVE ID : CVE-2011-1496 Debian bug : 620304 Daniel Danner discovered that tmux, a terminal multiplexer, is not properly dropping group privileges. The oldstable distribution (lenny) is not affected by this problem, it does not include tmux. For the stable distribution (squeeze), this problem has been fixed in version 1.3-2+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 1.4-6. For the testing distribution (sid), this problem has been fixed in version 1.4-6. We recommend that you upgrade your tmux packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk2eFbcACgkQHYflSXNkfP/NsgCfcy8X81nTclGCQSWTXxX1/wDF o3kAnR7KmINuzH+MnbAls9Vf8Ewib/Bc =jUL0 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: Debian update for tmux SECUNIA ADVISORY ID: SA44081 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44081/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44081 RELEASE DATE: 2011-04-09 DISCUSS ADVISORY: http://secunia.com/advisories/44081/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44081/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44081 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for tmux. The security issue is caused due to the application not dropping group privileges and can be exploited to perform certain actions using permissions of the "tmux" group. SOLUTION: Apply updated packages via the apt-get package manager. PROVIDED AND/OR DISCOVERED BY: Reported by Daniel Danner in a Debian bug report. ORIGINAL ADVISORY: DSA-2212-1: http://www.debian.org/security/2011/dsa-2212 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2011-1496 // JVNDB: JVNDB-2011-004405 // BID: 47283 // PACKETSTORM: 100226 // PACKETSTORM: 100537 // PACKETSTORM: 100239

AFFECTED PRODUCTS

vendor:	nicholas marriott	model:	tmux	scope:	eq	version:	1.3	Trust: 1.6
vendor:	nicholas marriott	model:	tmux	scope:	eq	version:	1.4	Trust: 1.6
vendor:	nicholas marriott	model:	tmux	scope:	eq	version:	1.3 and 1.4	Trust: 0.8
vendor:	tmux	model:	tmux	scope:	eq	version:	1.4	Trust: 0.3
vendor:	tmux	model:	tmux	scope:	eq	version:	1.3	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux armel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	5.0	Trust: 0.3

sources: BID: 47283 // JVNDB: JVNDB-2011-004405 // CNNVD: CNNVD-201104-177 // NVD: CVE-2011-1496

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-1496
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-1496
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201104-177
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2011-1496
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2011-004405 // CNNVD: CNNVD-201104-177 // NVD: CVE-2011-1496

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2011-004405 // NVD: CVE-2011-1496

THREAT TYPE

local

Trust: 1.1

sources: BID: 47283 // PACKETSTORM: 100537 // PACKETSTORM: 100239 // CNNVD: CNNVD-201104-177

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201104-177

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004405

PATCH

title:

Top Page

url:

http://tmux.sourceforge.net/

Trust: 0.8

sources: JVNDB: JVNDB-2011-004405

EXTERNAL IDS

db:	NVD	id:	CVE-2011-1496	Trust: 2.8
db:	BID	id:	47283	Trust: 1.9
db:	SECUNIA	id:	44239	Trust: 1.7
db:	SECUNIA	id:	44081	Trust: 1.7
db:	VUPEN	id:	ADV-2011-0897	Trust: 1.6
db:	EXPLOIT-DB	id:	17147	Trust: 1.6
db:	VUPEN	id:	ADV-2011-1002	Trust: 1.0
db:	VUPEN	id:	ADV-2011-1015	Trust: 1.0
db:	JVNDB	id:	JVNDB-2011-004405	Trust: 0.8
db:	DEBIAN	id:	DSA-2212	Trust: 0.6
db:	CNNVD	id:	CNNVD-201104-177	Trust: 0.6
db:	PACKETSTORM	id:	100226	Trust: 0.1
db:	PACKETSTORM	id:	100537	Trust: 0.1
db:	PACKETSTORM	id:	100239	Trust: 0.1

sources: BID: 47283 // JVNDB: JVNDB-2011-004405 // PACKETSTORM: 100226 // PACKETSTORM: 100537 // PACKETSTORM: 100239 // CNNVD: CNNVD-201104-177 // NVD: CVE-2011-1496

REFERENCES

url:	http://www.debian.org/security/2011/dsa-2212	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2011/0897	Trust: 1.6
url:	http://www.securityfocus.com/bid/47283	Trust: 1.6
url:	http://www.exploit-db.com/exploits/17147	Trust: 1.6
url:	http://secunia.com/advisories/44081	Trust: 1.6
url:	http://secunia.com/advisories/44239	Trust: 1.6
url:	http://lists.fedoraproject.org/pipermail/package-announce/2011-april/058367.html	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/1015	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/66693	Trust: 1.0
url:	http://lists.fedoraproject.org/pipermail/package-announce/2011-april/058548.html	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2011/1002	Trust: 1.0
url:	http://lists.fedoraproject.org/pipermail/package-announce/2011-april/058452.html	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1496	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1496	Trust: 0.8
url:	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620304	Trust: 0.3
url:	http://tmux.sourceforge.net/	Trust: 0.3
url:	http://secunia.com/products/corporate/evm/	Trust: 0.2
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.2
url:	http://www.debian.org/security/faq	Trust: 0.1
url:	http://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-1496	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=44239	Trust: 0.1
url:	http://secunia.com/advisories/44239/#comments	Trust: 0.1
url:	http://secunia.com/blog/210	Trust: 0.1
url:	http://secunia.com/advisories/44239/	Trust: 0.1
url:	http://secunia.com/advisories/44081/	Trust: 0.1
url:	http://secunia.com/advisories/44081/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=44081	Trust: 0.1
url:	http://secunia.com/resources/factsheets/2011_vendor/	Trust: 0.1

sources: BID: 47283 // JVNDB: JVNDB-2011-004405 // PACKETSTORM: 100226 // PACKETSTORM: 100537 // PACKETSTORM: 100239 // CNNVD: CNNVD-201104-177 // NVD: CVE-2011-1496

CREDITS

Daniel Danner

Trust: 0.3

sources: BID: 47283

SOURCES

db:	BID	id:	47283
db:	JVNDB	id:	JVNDB-2011-004405
db:	PACKETSTORM	id:	100226
db:	PACKETSTORM	id:	100537
db:	PACKETSTORM	id:	100239
db:	CNNVD	id:	CNNVD-201104-177
db:	NVD	id:	CVE-2011-1496

LAST UPDATE DATE

2024-11-23T22:19:03.137000+00:00

SOURCES UPDATE DATE

db:	BID	id:	47283	date:	2015-05-07T17:09:00
db:	JVNDB	id:	JVNDB-2011-004405	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201104-177	date:	2011-04-19T00:00:00
db:	NVD	id:	CVE-2011-1496	date:	2024-11-21T01:26:26.800

SOURCES RELEASE DATE

db:	BID	id:	47283	date:	2011-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2011-004405	date:	2012-03-27T00:00:00
db:	PACKETSTORM	id:	100226	date:	2011-04-09T18:52:02
db:	PACKETSTORM	id:	100537	date:	2011-04-18T05:19:45
db:	PACKETSTORM	id:	100239	date:	2011-04-09T11:32:08
db:	CNNVD	id:	CNNVD-201104-177	date:	2011-04-19T00:00:00
db:	NVD	id:	CVE-2011-1496	date:	2011-04-18T18:55:01.077