CVE-2011-1496
tmux - privilege escalation
EPSS 0.10%
Description
tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.
How to fix CVE-2011-1496
To remediate CVE-2011-1496, upgrade the affected package to a fixed version below.
- Debian/tmux—upgrade to 1.4-6 or later
- Debian/tmux—upgrade to 1.3-2+squeeze1 or later
Is CVE-2011-1496 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.4-6
- from 0, < 1.3-2+squeeze1