CVE-2011-2147
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2011-2147
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Openswan安全绕过漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Xelerance Openswan是加拿大Xelerance公司的一个基于FreeS/WAN项目的用于Linux系统下的IPSEC实现,它主要用于保证数据传输中的安全性、完整性等问题。 Openswan 2.2.x版本不能正确限制/var/run/starter.pid(与IPsec starter中的starter.c有关)和/var/lock/subsys/ipsec的权限。本地用户可以通过向文件写入PID,终止任意进程,或者通过向文件写入任意数据,绕过磁盘分配。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2011-2147
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2011-2147
Please Login to view more intelligence information
Same Patch Batch · n/a · 2011-05-20 · 35 CVEs total
| CVE-2011-2157 | SmarterTools SmarterStats web服务器权限许可和访问控制漏洞 | |
| CVE-2011-2149 | SmarterTools SmarterStats web服务器多个SQL注入漏洞 | |
| CVE-2011-2150 | SmarterTools SmarterStats web服务器XML注入漏洞 | |
| CVE-2011-2151 | SmarterTools SmarterStats web服务器敏感信息泄露漏洞 | |
| CVE-2011-2152 | SmarterTools SmarterStats web服务器跨域Referer泄露漏洞 | |
| CVE-2011-2153 | SmarterTools SmarterStats web服务器Login.aspx跨域Referer泄露漏洞 | |
| CVE-2011-2154 | SmarterTools SmarterStats web服务器login.aspx敏感信息泄露漏洞 | |
| CVE-2011-2155 | SmarterTools SmarterStats web服务器Login.aspx认证绕过漏洞 | |
| CVE-2011-2156 | SmarterTools SmarterStats web服务器目录列表信息泄露漏洞 | |
| CVE-2011-2148 | SmarterTools SmarterStats web服务器操作系统命令注入漏洞 | |
| CVE-2011-2158 | SmarterTools SmarterStats web服务器设计错误漏洞 | |
| CVE-2011-2159 | SmarterTools SmarterStats web服务器设计错误漏洞 | |
| CVE-2011-2160 | FFmpeg VC-1解码功能输入验证漏洞 | |
| CVE-2011-2161 | FFmpeg libavformat ape.c ape_read_header函数拒绝服务漏洞 | |
| CVE-2011-2162 | FFmpeg多个未明漏洞 | |
| CVE-2011-2163 | IBM Systems Director Virtualization Manager未明漏洞 | |
| CVE-2011-2164 | Adobe Photoshop多个未明漏洞 | |
| CVE-2011-0962 | Cisco Unified Operations Manager跨站脚本攻击漏洞 | |
| CVE-2009-5075 | Monkey's Audio '.ape'文件拒绝服务漏洞 | |
| CVE-2010-0217 | Zeacom Chat Server弱'JSESSIONID'会话ID劫持漏洞 |
Showing top 20 of 35 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out- - CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM
V. Comments for CVE-2011-2147
No comments yet