CVE-2011-2910 Vulnerability Details

  /     /     /  

CVE-2011-2910 Metadata Quick Info

CVE Published: 15/11/2019 | CVE Updated: 06/08/2024 | CVE Year: 2011
Source: redhat | Vendor: ax25-tools | Product: ax25-tools
Status : PUBLISHED

---

CVE-2011-2910 Description

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: possible privilege escalation due to failure to check for s*id return values
Source: ax25-tools

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).