Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1073

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2011-1073
Last Modified 21 Sep 2011 11:29:29
Published 04 Mar 2011 06:00:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1073

Summary

crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.

Vulnerable Systems

Operating System

  • Apple Mac Os X

  • Freebsd


References

XF - freebsd-realpath-info-disc(65899)

BID - 46604

BUGTRAQ - 20110228 FreeBSD crontab information leakage

SREASON - 8117

MLIST - [oss-security] 20110228 CVE request: FreeBSD/OS X crontab information leakage

MLIST - [oss-security] 20110228 Re: CVE request: FreeBSD/OS X crontab information leakage


Last Updated: 27 May 2016 10:56:08