Lucene search

[email protected]CVE-2011-1920

HistoryMay 23, 2011 - 10:55 p.m.

CVE-2011-1920

2011-05-2322:55:01

CWE-59

[email protected]

web.nvd.nist.gov

netbsd

pmake

symlink attack

file overwrite

vulnerability

cve-2011-1920

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.8%

JSON

The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.

Affected configurations

NVD

Node

netbsdnetbsd

netbsdnetbsdRange≤1.6.1

netbsdnetbsdMatch1.0

netbsdnetbsdMatch1.1

netbsdnetbsdMatch1.2

netbsdnetbsdMatch1.2.1

netbsdnetbsdMatch1.3

netbsdnetbsdMatch1.3.1

netbsdnetbsdMatch1.3.2

netbsdnetbsdMatch1.3.3

netbsdnetbsdMatch1.4

netbsdnetbsdMatch1.4.1

netbsdnetbsdMatch1.4.2

netbsdnetbsdMatch1.4.3

netbsdnetbsdMatch1.5

netbsdnetbsdMatch1.5.1

netbsdnetbsdMatch1.5.2

netbsdnetbsdMatch1.5.3

netbsdnetbsdMatch1.6

AND

ihjipmakeMatch1.111

CPENameOperatorVersion
netbsd:netbsdnetbsdeq*
netbsd:netbsdnetbsdle1.6.1
netbsd:netbsdnetbsdeq1.0
netbsd:netbsdnetbsdeq1.1
netbsd:netbsdnetbsdeq1.2
netbsd:netbsdnetbsdeq1.2.1
netbsd:netbsdnetbsdeq1.3
netbsd:netbsdnetbsdeq1.3.1
netbsd:netbsdnetbsdeq1.3.2
netbsd:netbsdnetbsdeq1.3.3

CPE	Name	Operator	Version
netbsd:netbsd	netbsd	eq	*
netbsd:netbsd	netbsd	le	1.6.1
netbsd:netbsd	netbsd	eq	1.0
netbsd:netbsd	netbsd	eq	1.1
netbsd:netbsd	netbsd	eq	1.2
netbsd:netbsd	netbsd	eq	1.2.1
netbsd:netbsd	netbsd	eq	1.3
netbsd:netbsd	netbsd	eq	1.3.1
netbsd:netbsd	netbsd	eq	1.3.2
netbsd:netbsd	netbsd	eq	1.3.3