CVE-2011-3616

The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.

CVSS v2.0 6.3 MEDIUM

6.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:C/A:C

Exploitability : 3.4 / Impact : 9.2

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612033	Exploit
http://secunia.com/advisories/43225	Vendor Advisory
http://secunia.com/advisories/46353	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-201110-09.xml
http://www.openwall.com/lists/oss-security/2011/10/09/4
http://www.openwall.com/lists/oss-security/2011/10/10/8
https://bugs.launchpad.net/ubuntu/+source/conky/+bug/607309
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612033	Exploit
http://secunia.com/advisories/43225	Vendor Advisory
http://secunia.com/advisories/46353	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-201110-09.xml
http://www.openwall.com/lists/oss-security/2011/10/09/4
http://www.openwall.com/lists/oss-security/2011/10/10/8
https://bugs.launchpad.net/ubuntu/+source/conky/+bug/607309

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:conky:conky::::::::
	cpe:2.3:a:conky:conky:1.1:::::::*
	cpe:2.3:a:conky:conky:1.2:::::::*
	cpe:2.3:a:conky:conky:1.3.0:::::::*
	cpe:2.3:a:conky:conky:1.3.1:::::::*
	cpe:2.3:a:conky:conky:1.3.2:::::::*
	cpe:2.3:a:conky:conky:1.3.3:::::::*
	cpe:2.3:a:conky:conky:1.3.4:::::::*
	cpe:2.3:a:conky:conky:1.3.5:::::::*
	cpe:2.3:a:conky:conky:1.4.0:::::::*
	cpe:2.3:a:conky:conky:1.4.1:::::::*
	cpe:2.3:a:conky:conky:1.4.2:::::::*
	cpe:2.3:a:conky:conky:1.4.3:::::::*
	cpe:2.3:a:conky:conky:1.4.4:::::::*
	cpe:2.3:a:conky:conky:1.4.5:::::::*
	cpe:2.3:a:conky:conky:1.4.6:::::::*
	cpe:2.3:a:conky:conky:1.4.7:::::::*
	cpe:2.3:a:conky:conky:1.4.8:::::::*
	cpe:2.3:a:conky:conky:1.4.9:::::::*
	cpe:2.3:a:conky:conky:1.5.0:::::::*
	cpe:2.3:a:conky:conky:1.5.1:::::::*
	cpe:2.3:a:conky:conky:1.6.0:::::::*
	cpe:2.3:a:conky:conky:1.6.1:::::::*
	cpe:2.3:a:conky:conky:1.7.0:::::::*
	cpe:2.3:a:conky:conky:1.7.1:::::::*
	cpe:2.3:a:conky:conky:1.7.1.1:::::::*
	cpe:2.3:a:conky:conky:1.7.2:::::::*
	cpe:2.3:a:conky:conky:1.8.0:::::::*

History

21 Nov 2024, 01:30

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612033 - Exploit~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612033 - Exploit
References	~~() http://secunia.com/advisories/43225 - Vendor Advisory~~	() http://secunia.com/advisories/43225 - Vendor Advisory
References	~~() http://secunia.com/advisories/46353 - Vendor Advisory~~	() http://secunia.com/advisories/46353 - Vendor Advisory
References	~~() http://www.gentoo.org/security/en/glsa/glsa-201110-09.xml -~~	() http://www.gentoo.org/security/en/glsa/glsa-201110-09.xml -
References	~~() http://www.openwall.com/lists/oss-security/2011/10/09/4 -~~	() http://www.openwall.com/lists/oss-security/2011/10/09/4 -
References	~~() http://www.openwall.com/lists/oss-security/2011/10/10/8 -~~	() http://www.openwall.com/lists/oss-security/2011/10/10/8 -
References	~~() https://bugs.launchpad.net/ubuntu/+source/conky/+bug/607309 -~~	() https://bugs.launchpad.net/ubuntu/+source/conky/+bug/607309 -

Information

Published : 2011-11-04 21:55

Updated : 2024-11-21 01:30

NVD link : CVE-2011-3616

Mitre link : CVE-2011-3616

CVE.ORG link : CVE-2011-3616

JSON object : View

Products Affected

conky

conky

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

6.3 /10