Executive Summary

Name CVE-2011-3628 First vendor Publication 2014-04-15
Vendor Cve Last vendor Modification 2014-04-16

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3628

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21292
Oval ID: oval:org.mitre.oval:def:21292
Title: USN-1237-1 -- pam vulnerabilities
Description: PAM could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-1237-1
Version: 5
Platform(s): Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 8.04
Product(s): pam
Definition Synopsis:

CPE : Common Platform Enumeration

Application 4
Os 5

OpenVAS Exploits

Date Description
2011-10-31 Name : Ubuntu Update for pam USN-1237-1
File : nvt/gb_ubuntu_USN_1237_1.nasl

Nessus® Vulnerability Scanner

Date Description
2011-10-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1237-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM https://bugs.launchpad.net/ubuntu/%2Bsource/pam/%2Bbug/610125
UBUNTU http://www.ubuntu.com/usn/USN-1237-1

Alert History

If you want to see full details history, please login or register.
Date Informations
2020-05-23 00:31:11
  • Multiple Updates
2014-04-16 21:21:53
  • Multiple Updates
2014-04-16 13:23:50
  • First insertion