CVE-2011-3616 - Improper Link Resolution Before File Access ('Link Following')

Severity

63%

Complexity

34%

Confidentiality

153%

The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.

The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.

CVSS 2.0 Base Score 6.3. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:C/A:C).

Overview

Type

Conky

First reported 13 years ago

2011-11-04 21:55:00

Last updated 12 years ago

2012-03-12 04:00:00

Affected Software

Conky 1.1

1.1

Conky 1.2

1.2

Conky 1.3.0

1.3.0

Conky 1.3.1

1.3.1

Conky 1.3.2

1.3.2

Conky 1.3.3

1.3.3

Conky 1.3.4

1.3.4

Conky 1.3.5

1.3.5

Conky 1.4.0

1.4.0

Conky 1.4.1

1.4.1

Conky 1.4.2

1.4.2

Conky 1.4.3

1.4.3

Conky 1.4.4

1.4.4

Conky 1.4.5

1.4.5

Conky 1.4.6

1.4.6

Conky 1.4.7

1.4.7

Conky 1.4.8

1.4.8

Conky 1.4.9

1.4.9

Conky 1.5.0

1.5.0

Conky 1.5.1

1.5.1

Conky 1.6.0

1.6.0

Conky 1.6.1

1.6.1

Conky 1.7.0

1.7.0

Conky 1.7.1

1.7.1

Conky 1.7.1.1

1.7.1.1

Conky 1.7.2

1.7.2

Conky 1.8.0

1.8.0

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612033

Exploit

43225

Vendor Advisory

46353

Vendor Advisory

GLSA-201110-09

[oss-security] 20111009 CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue

[oss-security] 20111010 Re: CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue

https://bugs.launchpad.net/ubuntu/+source/conky/+bug/607309

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.