Candidate: CVE-2011-2910
PublicDate: 2019-11-15 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2910
 http://www.openwall.com/lists/oss-security/2011/08/10/3
Description:
 The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the
 return value of a setuid call. The setuid call is responsible for dropping
 privileges but if the call fails the daemon would continue to run with root
 privileges which can allow possible privilege escalation.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638198
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [6.7 MEDIUM]

Patches_ax25-tools:
upstream_ax25-tools: released (0.0.8-13.2)
hardy_ax25-tools: ignored (reached end-of-life)
lucid_ax25-tools: ignored (reached end-of-life)
maverick_ax25-tools: ignored (reached end-of-life)
natty_ax25-tools: ignored (reached end-of-life)
oneiric_ax25-tools: ignored (reached end-of-life)
precise_ax25-tools: not-affected (0.0.8-13.2)
quantal_ax25-tools: not-affected (0.0.8-13.2)
raring_ax25-tools: not-affected (0.0.8-13.2)
saucy_ax25-tools: not-affected (0.0.8-13.2)
devel_ax25-tools: not-affected (0.0.8-13.2)