Main Vulnerability Database Exploits ID:4375 - Exploit for Path traversal in FreeBSD - CVE-2011-4122

ID:4375 - Exploit for Path traversal in FreeBSD - CVE-2011-4122

Published: August 11, 2020

Vulnerability identifier: #VU44516

Vulnerability risk: High

CVE-ID: CVE-2011-4122

CWE-ID: CWE-22

Exploitation vector: Local access

Vulnerable software:
FreeBSD

Link to public exploit:

https://www.exploit-db.com/exploits/36296/

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1. A remote authenticated attacker can send a specially crafted HTTP request and local users to load arbitrary DSOs and gain privileges via a . (dot dot) in the service_name argument to the pam_start function, as demonstrated by a . in the -c option to kcheckpass.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:4375 - Exploit for Path traversal in FreeBSD - CVE-2011-4122

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human