Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by shaman
CVE-2011-4338 (GCVE-0-2011-4338)
Vulnerability from cvelistv5 – Published: 2020-02-12 18:11 – Updated: 2024-08-07 00:01
VLAI
Summary
Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.
Severity
No CVSS data available.
CWE
- authorization error
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
| https://bbs.archlinux.org/viewtopic.php?id=64066&p=1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "shaman",
"vendor": "shaman",
"versions": [
{
"status": "affected",
"version": "1.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authorization error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T18:11:17.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "shaman",
"version": {
"version_data": [
{
"version_value": "1.0.9"
}
]
}
}
]
},
"vendor_name": "shaman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authorization error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/11/22/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
},
{
"name": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1",
"refsource": "MISC",
"url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4338",
"datePublished": "2020-02-12T18:11:17.000Z",
"dateReserved": "2011-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:51.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4338 (GCVE-0-2011-4338)
Vulnerability from nvd – Published: 2020-02-12 18:11 – Updated: 2024-08-07 00:01
VLAI
Summary
Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.
Severity
No CVSS data available.
CWE
- authorization error
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
| https://bbs.archlinux.org/viewtopic.php?id=64066&p=1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "shaman",
"vendor": "shaman",
"versions": [
{
"status": "affected",
"version": "1.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authorization error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T18:11:17.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "shaman",
"version": {
"version_data": [
{
"version_value": "1.0.9"
}
]
}
}
]
},
"vendor_name": "shaman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authorization error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/11/22/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/11/22/4"
},
{
"name": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1",
"refsource": "MISC",
"url": "https://bbs.archlinux.org/viewtopic.php?id=64066\u0026p=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4338",
"datePublished": "2020-02-12T18:11:17.000Z",
"dateReserved": "2011-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:51.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}