Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 1.9
CVE Id CVE-2011-3154
Last Modified 05 May 2014 12:59:47
Published 17 Apr 2014 10:55:04
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3154

Summary

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 10.10

  • Canonical Ubuntu Linux 11.04

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 8.04

Application

  • Canonical Update-manager 1:0.134.7

  • Canonical Update-manager 1:0.142.19

  • Canonical Update-manager 1:0.150

  • Canonical Update-manager 1:0.152.25

  • Canonical Update-manager 1:0.87.24


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541

UBUNTU - USN-1284-1

SECUNIA - 47024


Last Updated: 27 May 2016 11:05:00