Vulnerability CVE-2001-1240

Vulnerability Name:

CVE-2001-1240 (CCN-10358)

Assigned:

2001-07-11

Published:

2001-07-11

Updated:

2008-09-05

Summary:

The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2001-1240

Source: ENGARDE
Type: Patch, Vendor Advisory
ESA-20010711-02

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20010711-02
sudo

Source: CCN
Type: OSVDB ID: 5450
Engarde Secure Linux sudo Admin Group Privilege Escalation

Source: CCN
Type: BID-3019
EnGarde sudo Privileged Command Execution Vulnerability

Source: XF
Type: UNKNOWN
engarde-sudo-gain-privileges(10358)

Vulnerable Configuration:

Configuration 1:

cpe:/o:engardelinux:secure_linux:1.0.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:engardelinux:secure_community:1.0.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK