Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2011-3602
Last Modified: 28 Apr 2014 02:30:28
Published: 27 Apr 2014 05:55:05
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-3602

Summary

Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.

Vulnerable Systems

Application

  • Litech Router Advertisement Daemon 1.8.1


References

CONFIRM - https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc

UBUNTU - USN-1257-1

MLIST - [oss-security] 20111007 radvd 1.8.2 released with security fixes

CONFIRM - http://www.litech.org/radvd/CHANGES

DEBIAN - DSA-2323

Related Patches

Novell SUSE 2011:5397 radvd security update for SLES 11 SP1 i586

Novell SUSE 2011:5397 radvd security update for SLES 11 SP1 x86_64


Last Updated: 27 May 2016 11:05:08