Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3616

Overview

Vulnerability Score 6.3 6.3
CVE Id CVE-2011-3616
Last Modified 12 Mar 2012 12:00:00
Published 04 Nov 2011 05:55:07
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3616

Summary

The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.

Vulnerable Systems

Application

  • Conky 1.1

  • Conky 1.2

  • Conky 1.3.0

  • Conky 1.3.1

  • Conky 1.3.2

  • Conky 1.3.3

  • Conky 1.3.4

  • Conky 1.3.5

  • Conky 1.4.0

  • Conky 1.4.1

  • Conky 1.4.2

  • Conky 1.4.3

  • Conky 1.4.4

  • Conky 1.4.5

  • Conky 1.4.6

  • Conky 1.4.7

  • Conky 1.4.8

  • Conky 1.4.9

  • Conky 1.5.0

  • Conky 1.5.1

  • Conky 1.6.0

  • Conky 1.6.1

  • Conky 1.7.0

  • Conky 1.7.1

  • Conky 1.7.1.1

  • Conky 1.7.2

  • Conky 1.8.0

  • Conky 1.8.1


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/conky/+bug/607309

MLIST - [oss-security] 20111010 Re: CVE Request -- Conky 1.8.1

MLIST - [oss-security] 20111009 CVE Request -- Conky 1.8.1

GENTOO - GLSA-201110-09

SECUNIA - 46353

SECUNIA - 43225

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612033

MLIST - [oss-security] 20111010 Re: CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue

MLIST - [oss-security] 20111009 CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue


Last Updated: 27 May 2016 10:55:08