CVE-2011-0460 - Improper Link Resolution Before File Access ('Link Following')

Severity

63%

Complexity

34%

Confidentiality

153%

The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

CVSS 2.0 Base Score 6.3. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:C/A:C).

Overview

First reported 10 years ago

2014-04-16 18:37:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

kbd-project kbd 0.99

0.99

kbd-project kbd 1.01

1.01

kbd-project kbd 1.03

1.03

kbd-project kbd 1.04

1.04

kbd-project kbd 1.05

1.05

kbd-project kbd 1.06

1.06

kbd-project kbd 1.08

1.08

kbd-project kbd 1.10

1.10

kbd-project kbd 1.11

1.11

kbd-project kbd 1.12

1.12

kbd-project kbd 1.13

1.13

kbd-project kbd 1.14

1.14

OpenSUSE 11.2

11.2

OpenSUSE 11.3

11.3

References

openSUSE-SU-2011:0357

https://bugzilla.novell.com/show_bug.cgi?id=663898

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.