The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2011-05-23 22:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-1920
Mitre link : CVE-2011-1920
CVE.ORG link : CVE-2011-1920
JSON object : View
Products Affected
ihji
- pmake
netbsd
- netbsd
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')