Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by shaman

    CVE-2011-4338 (GCVE-0-2011-4338)

    Vulnerability from cvelistv5 – Published: 2020-02-12 18:11 – Updated: 2024-08-07 00:01
    VLAI
    Summary
    Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.
    Severity
    No CVSS data available.
    CWE
    • authorization error
    Assigner
    References
    Impacted products
    Vendor Product Version
    shaman shaman Affected: 1.0.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:01:51.573Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "shaman",
              "vendor": "shaman",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authorization error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-12T18:11:17.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-4338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "shaman",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "shaman"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authorization error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openwall.com/lists/oss-security/2011/11/22/4",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
                },
                {
                  "name": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1",
                  "refsource": "MISC",
                  "url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4338",
        "datePublished": "2020-02-12T18:11:17.000Z",
        "dateReserved": "2011-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:01:51.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4338 (GCVE-0-2011-4338)

    Vulnerability from nvd – Published: 2020-02-12 18:11 – Updated: 2024-08-07 00:01
    VLAI
    Summary
    Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.
    Severity
    No CVSS data available.
    CWE
    • authorization error
    Assigner
    References
    Impacted products
    Vendor Product Version
    shaman shaman Affected: 1.0.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:01:51.573Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "shaman",
              "vendor": "shaman",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authorization error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-12T18:11:17.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-4338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "shaman",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "shaman"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authorization error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openwall.com/lists/oss-security/2011/11/22/4",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
                },
                {
                  "name": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1",
                  "refsource": "MISC",
                  "url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4338",
        "datePublished": "2020-02-12T18:11:17.000Z",
        "dateReserved": "2011-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:01:51.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }