Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2533

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2011-2533
Last Modified 21 Nov 2011 10:57:28
Published 22 Jun 2011 07:55:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2533

Summary

The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.

Vulnerable Systems

Application

  • Freedesktop Dbus 1.2.1

  • Freedesktop Dbus 1.2.10

  • Freedesktop Dbus 1.2.12

  • Freedesktop Dbus 1.2.14

  • Freedesktop Dbus 1.2.16

  • Freedesktop Dbus 1.2.18

  • Freedesktop Dbus 1.2.20

  • Freedesktop Dbus 1.2.22

  • Freedesktop Dbus 1.2.24

  • Freedesktop Dbus 1.2.26

  • Freedesktop Dbus 1.2.3

  • Freedesktop Dbus 1.2.4

  • Freedesktop Dbus 1.2.6

  • Freedesktop Dbus 1.2.8


References

XF - dbus-configure-symlink(68173)

SECTRACK - 1025720

CONFIRM - http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2


Last Updated: 27 May 2016 10:57:02