Lucene search

[email protected]CVE-2011-3616

HistoryNov 04, 2011 - 9:55 p.m.

CVE-2011-3616

2011-11-0421:55:07

CWE-59

[email protected]

web.nvd.nist.gov

cve-2011-3616

conky

symlink attack

nvd

6.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.

Affected configurations

NVD

Node

conkyconkyRange≤1.8.1

conkyconkyMatch1.1

conkyconkyMatch1.2

conkyconkyMatch1.3.0

conkyconkyMatch1.3.1

conkyconkyMatch1.3.2

conkyconkyMatch1.3.3

conkyconkyMatch1.3.4

conkyconkyMatch1.3.5

conkyconkyMatch1.4.0

conkyconkyMatch1.4.1

conkyconkyMatch1.4.2

conkyconkyMatch1.4.3

conkyconkyMatch1.4.4

conkyconkyMatch1.4.5

conkyconkyMatch1.4.6

conkyconkyMatch1.4.7

conkyconkyMatch1.4.8

conkyconkyMatch1.4.9

conkyconkyMatch1.5.0

conkyconkyMatch1.5.1

conkyconkyMatch1.6.0

conkyconkyMatch1.6.1

conkyconkyMatch1.7.0

conkyconkyMatch1.7.1

conkyconkyMatch1.7.1.1

conkyconkyMatch1.7.2

conkyconkyMatch1.8.0

CPENameOperatorVersion
conky:conkyconkyle1.8.1
conky:conkyconkyeq1.1
conky:conkyconkyeq1.2
conky:conkyconkyeq1.3.0
conky:conkyconkyeq1.3.1
conky:conkyconkyeq1.3.2
conky:conkyconkyeq1.3.3
conky:conkyconkyeq1.3.4
conky:conkyconkyeq1.3.5
conky:conkyconkyeq1.4.0

CPE	Name	Operator	Version
conky:conky	conky	le	1.8.1
conky:conky	conky	eq	1.1
conky:conky	conky	eq	1.2
conky:conky	conky	eq	1.3.0
conky:conky	conky	eq	1.3.1
conky:conky	conky	eq	1.3.2
conky:conky	conky	eq	1.3.3
conky:conky	conky	eq	1.3.4
conky:conky	conky	eq	1.3.5
conky:conky	conky	eq	1.4.0