Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1031

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2011-1031
Last Modified 27 May 2011 12:00:00
Published 14 Feb 2011 05:00:07
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1031

Summary

The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.

Vulnerable Systems

Application

  • Daniel Friesel Feh 1.10

  • Daniel Friesel Feh 1.10.1

  • Daniel Friesel Feh 1.11

  • Daniel Friesel Feh 1.11.1

  • Daniel Friesel Feh 1.11.2

  • Daniel Friesel Feh 1.3.5

  • Daniel Friesel Feh 1.4

  • Daniel Friesel Feh 1.4.1

  • Daniel Friesel Feh 1.4.2

  • Daniel Friesel Feh 1.4.3

  • Daniel Friesel Feh 1.5

  • Daniel Friesel Feh 1.6

  • Daniel Friesel Feh 1.6.1

  • Daniel Friesel Feh 1.7

  • Daniel Friesel Feh 1.8

  • Daniel Friesel Feh 1.9


References

CONFIRM - https://github.com/derf/feh/issues/#issue/32

CONFIRM - https://derf.homelinux.org/git/feh/commit/?id=29ab0855f044ef2fe9c295b72abefcb37f0861a5

CONFIRM - https://derf.homelinux.org/git/feh/commit/?id=23421a86cc826dd30f3dc4f62057fafb04b3ac40

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=676389

SECUNIA - 43221


Last Updated: 27 May 2016 10:56:08