Vulnerability CVE-2011-4099

Vulnerability Name:

CVE-2011-4099 (CCN-71667)

Assigned:

2011-07-16

Published:

2011-07-16

Updated:

2014-02-10

Summary:

The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.1 Medium (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P)
3.0 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2011-4099

Source: CCN
Type: libcap Web page
libcap

Source: CCN
Type: RHSA-2011-1694
Low: libcap security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2011:1694

Source: CCN
Type: BID-50488
libcap Local Security Bypass Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 722694
CVE-2011-4099 capsh: does not chdir after chroot

Source: CONFIRM
Type: Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=722694

Source: XF
Type: UNKNOWN
libcap-chroot-security-bypass(71667)

Source: CONFIRM
Type: UNKNOWN
https://sites.google.com/site/fullycapable/release-notes-for-libcap/releasenotesfor222

Vulnerable Configuration:

Configuration 1:

cpe:/a:libcap:libcap:2.00:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.01:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.02:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.03:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.04:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.05:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.06:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.07:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.08:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.09:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.10:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.11:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.12:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.13:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.14:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.15:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.16:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.17:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.18:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.19:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:2.20:*:*:*:*:*:*:*

OR cpe:/a:libcap:libcap:*:*:*:*:*:*:*:* (Version <= 2.21)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:libcap:libcap:2.00:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20114099	V	CVE-2011-4099	2022-05-20
oval:org.opensuse.security:def:42351	P	Security update for vim (Important)	2022-03-04
oval:org.opensuse.security:def:26226	P	Security update for openexr (Important)	2022-01-12
oval:org.opensuse.security:def:31721	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:42148	P	Security update for python-Babel (Important)	2021-12-06
oval:org.opensuse.security:def:26173	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:32231	P	Security update for clamav (Moderate)	2021-12-01
oval:org.opensuse.security:def:31295	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:26154	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:32187	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:26124	P	Security update for openssl-1_1 (Low)	2021-09-09
oval:org.opensuse.security:def:33965	P	Security update for aspell (Important)	2021-08-25
oval:org.opensuse.security:def:32165	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:31663	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:31657	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:31221	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:31646	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:31645	P	Security update for ovmf (Important)	2021-06-22
oval:org.opensuse.security:def:31209	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:31210	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:32126	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:33926	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:26071	P	Security update for the Linux Kernel (Important)	2021-06-09
oval:org.opensuse.security:def:26070	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:36179	P	libcap-progs-2.11-2.17.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26068	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:42586	P	libcap-progs-2.11-2.17.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36439	P	libcap-devel-2.11-2.17.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26064	P	Security update for libwebp (Critical)	2021-06-02
oval:org.opensuse.security:def:31629	P	Security update for libwebp (Critical)	2021-06-02
oval:org.opensuse.security:def:32099	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:32920	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:32908	P	Security update for tomcat (Important)	2021-04-29
oval:org.opensuse.security:def:32077	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:26024	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:33103	P	Security update for ovmf (Moderate)	2021-03-29
oval:org.opensuse.security:def:26212	P	Security update for python3 (Moderate)	2021-03-19
oval:org.opensuse.security:def:33076	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:31731	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:26192	P	Security update for php72 (Important)	2021-02-17
oval:org.opensuse.security:def:32255	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:32833	P	Security update for ovmf (Moderate)	2020-12-16
oval:org.opensuse.security:def:32012	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:25971	P	Security update for fontforge (Moderate)	2020-12-04
oval:org.opensuse.security:def:35741	P	libcap-progs-2.11-2.17.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35944	P	libcap-progs-2.11-2.17.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31412	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26013	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26720	P	java-1_4_2-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32457	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28658	P	Security update for elfutils	2020-12-01
oval:org.opensuse.security:def:25869	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:31963	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:27177	P	libcap-progs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25494	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31497	P	Security update for python-lxml	2020-12-01
oval:org.opensuse.security:def:32360	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:29877	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32469	P	Security update for xorg-x11-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:28800	P	Security update for openssh (Important)	2020-12-01
oval:org.opensuse.security:def:32029	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25506	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:26358	P	Security update for Mozilla Thunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:32421	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:25989	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32682	P	gzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29036	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25698	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:31865	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26446	P	Security update for kconfig, kdelibs4 (Important)	2020-12-01
oval:org.opensuse.security:def:29139	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26908	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25836	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:26504	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26273	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:29195	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:25293	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31427	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27437	P	libcap-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25728	P	Security update for python-cffi, python-cryptography (Moderate)	2020-12-01
oval:org.opensuse.security:def:26414	P	Security update for python-Django (Moderate)	2020-12-01
oval:org.opensuse.security:def:33182	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32667	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25368	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:31576	P	Security update for sudo (Moderate)	2020-12-01
oval:org.opensuse.security:def:25740	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31955	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:26618	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33244	P	python-pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28448	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25577	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31819	P	Security update for augeas (Moderate)	2020-12-01
oval:org.opensuse.security:def:33142	P	libcap-progs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31411	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:25932	P	Security update for gstreamer-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:26706	P	ghostscript-fonts-other on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26741	P	libcap-progs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28527	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:25718	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31924	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:27142	P	gtk2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31423	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32311	P	Security update for quagga (Moderate)	2020-12-01
oval:org.opensuse.security:def:26764	P	librpcsecgss on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32458	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28743	P	Security update for libgcrypt	2020-12-01
oval:org.opensuse.security:def:25922	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:31985	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25495	P	Security update for shibboleth-sp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26305	P	Security update for python-setuptools (Moderate)	2020-12-01
oval:org.opensuse.security:def:32399	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:29913	P	Security update for libcap	2020-12-01
oval:org.opensuse.security:def:25988	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32547	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28884	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26010	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:32869	P	glib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25570	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:31778	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26407	P	Security update for libmad (Moderate)	2020-12-01
oval:org.opensuse.security:def:32465	P	Security update for xorg-x11-libXv (Moderate)	2020-12-01
oval:org.opensuse.security:def:26000	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32776	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29090	P	Security update for gdb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25779	P	Security update for the SUSE Linux Enterprise 12 kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32021	P	Security update for kernel-firmware (Moderate)	2020-12-01
oval:org.opensuse.security:def:26460	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:29178	P	Security update for microcode_ctl (Important)	2020-12-01
oval:org.opensuse.security:def:26943	P	libcap-progs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25292	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:25920	P	Security update for gstreamer-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:27402	P	freeradius-server-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26330	P	Security update for Mozilla Thunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:33133	P	ldapsmb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29239	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25304	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31519	P	Security update for sendmail	2020-12-01
oval:org.opensuse.security:def:25729	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:31863	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26565	P	hplip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33221	P	pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32706	P	libcap-progs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28447	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25496	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:25804	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26667	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33288	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28459	P	Security update for xfsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:25634	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31875	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:26270	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.mitre.oval:def:27782	P	ELSA-2011-1694 -- libcap security and bug fix update (low)	2014-12-15
oval:org.mitre.oval:def:27172	P	RHSA-2011:1694 -- libcap security and bug fix update (Low)	2014-12-08
oval:com.ubuntu.precise:def:20114099000	V	CVE-2011-4099 on Ubuntu 12.04 LTS (precise) - low.	2014-02-07
oval:com.ubuntu.trusty:def:20114099000	V	CVE-2011-4099 on Ubuntu 14.04 LTS (trusty) - low.	2014-02-07
oval:com.redhat.rhsa:def:20111694	P	RHSA-2011:1694: libcap security and bug fix update (Low)	2011-12-06

BACK