CVE-2011-3154

Published Apr 17, 2014

Last updated 3 months ago

CVSS info 1.9

Overview

Description: DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 1.9
Impact score: 2.9
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-59

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:canonical:update-manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E6222C1-BE30-494E-9956-37DCC11200A6",
            "versionEndIncluding": "1\\:0.87.24"
          },
          {
            "criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.134.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BC72F6F-A738-47DC-ACE0-C4D00AD6426E"
          },
          {
            "criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.142.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA72C593-8B42-4683-BE81-E87CE26FDCF4"
          },
          {
            "criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.150:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDDB1BE2-8F01-46C5-ABE1-7D4E4AF40B72"
          },
          {
            "criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.152.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECE75579-DB27-4944-AB3F-BDC77A895E0A"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6DFE2D3-46E2-4D0C-8508-30307D654560"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References