CVE-2011-5054
CWE-287Published: January 6, 2012· Updated: Jun 16, 2026
Official Description
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."
Technical Analysis
CVE-2011-5054 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
From a weakness classification perspective (CWE-287): Authentication bypass vulnerabilities allow attackers to access protected resources without valid credentials.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
All References (20)
Quick Facts
Related CVEs (CWE-287)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2011-5054 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts