CVE-2011-4091

Published: Feb 10, 2014Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.

Affected (16)

Products: Opensuse: Opensuse · Oracle: Solaris · Armin Burgmeier: Net6

1 product

1 product

Armin Burgmeier

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.3
Opensuse Opensuse	Version 11.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.2

Configuration C

13 vulnerable

Vulnerable Software	Affected Versions
Armin Burgmeier Net6	Up to 1.3.13
Armin Burgmeier Net6	Version 1.3.10
Armin Burgmeier Net6	Version 1.3.11
Armin Burgmeier Net6	Version 1.3.12
Armin Burgmeier Net6	Version 1.3.1
Armin Burgmeier Net6	Version 1.3.2
Armin Burgmeier Net6	Version 1.3.3
Armin Burgmeier Net6	Version 1.3.4
Armin Burgmeier Net6	Version 1.3.5
Armin Burgmeier Net6	Version 1.3.6
Armin Burgmeier Net6	Version 1.3.7
Armin Burgmeier Net6	Version 1.3.8
Armin Burgmeier Net6	Version 1.3.9

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (14)

http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=84afca022f063f89bfcd4bb32b1ee911f555abf1%3Bhp=ac61d7fb42a1f977fb527e024bede319c4a9e169

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2011/10/31/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.novell.com/show_bug.cgi?id=727708

Source: secalert@redhat.com

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=750632

Source: secalert@redhat.com

Issue Tracking

http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=84afca022f063f89bfcd4bb32b1ee911f555abf1%3Bhp=ac61d7fb42a1f977fb527e024bede319c4a9e169

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2011/10/31/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.novell.com/show_bug.cgi?id=727708

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=750632

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.