Unrated severityNVD Advisory· Published Nov 17, 2011· Updated Apr 29, 2026

CVE-2011-4122

Description

Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass.

Affected products

FreeBSD/FreeBSD
cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

c-skills.blogspot.com/2011/11/openpam-trickery.htmlnvdExploit
secunia.com/advisories/46756nvdVendor Advisory
secunia.com/advisories/46804nvdVendor Advisory
openwall.com/lists/oss-security/2011/12/07/3nvd
openwall.com/lists/oss-security/2011/12/08/9nvd
osvdb.org/76945nvd
stealth.openwall.net/xSports/pamslamnvd
trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.cnvd
exchange.xforce.ibmcloud.com/vulnerabilities/71205nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000