Vulnerability Details : CVE-2011-4091
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2011-4091
- cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:*:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:armin_burgmeier:net6:1.3.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4091
- EPSS score: 0.25% (probability of exploitation activity in the next 30 days)
- Percentile: ~62% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-4091
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2011-4091
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4091
- http://www.openwall.com/lists/oss-security/2011/10/31/1
  oss-security - Re: CVE request: 3 flaws in libobby and libnet6 (Mailing List; Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
  Oracle Solaris Third Party Bulletin - April 2015 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html
  openSUSE-SU-2012:0008-1: moderate: net6 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html
  openSUSE-SU-2012:0040-1: moderate: net6 (Third Party Advisory)
- https://bugzilla.novell.com/show_bug.cgi?id=727708
  Bug 727708 – VUL-0: net6 information disclosure (Issue Tracking)
- https://bugzilla.redhat.com/show_bug.cgi?id=750632
  750632 – (CVE-2011-4091) CVE-2011-4091 net6: user information exposure flaw (Issue Tracking)
- http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=84afca022f063f89bfcd4bb32b1ee911f555abf1%3Bhp=ac61d7fb42a1f977fb527e024bede319c4a9e169