CVE-2011-3154

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:a:canonical:update-manager:1\:0.150:*:*:*:*:*:*:*
cpe:2.3:a:canonical:update-manager:1\:0.152.25:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:a:canonical:update-manager:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:a:canonical:update-manager:1\:0.134.7:*:*:*:*:*:*:*
cpe:2.3:a:canonical:update-manager:1\:0.142.19:*:*:*:*:*:*:*

Information

Published : 2014-04-17 07:55

Updated : 2014-05-04 21:59


NVD link : CVE-2011-3154

Mitre link : CVE-2011-3154


JSON object : View

CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

Advertisement

dedicated server usa

Products Affected

canonical

  • ubuntu_linux
  • update-manager