CVE-2011-1920
Severity CVSS v4.0:
Pending analysis
Type:
CWE-59
Link Following
Publication date:
23/05/2011
Last modified:
11/04/2025
Description
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
Impact
Base Score 2.0
3.30
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:* | 1.6.1 (including) | |
cpe:2.3:o:netbsd:netbsd:1.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.1:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.2:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.2.1:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.3:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.3.1:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:* | ||
cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673
- http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h
- http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h
- http://openwall.com/lists/oss-security/2011/05/16/2
- http://openwall.com/lists/oss-security/2011/05/16/8
- http://www.securityfocus.com/bid/47878
- https://bugzilla.redhat.com/show_bug.cgi?id=705090
- https://bugzilla.redhat.com/show_bug.cgi?id=705100
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67495
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673
- http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h
- http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h
- http://openwall.com/lists/oss-security/2011/05/16/2
- http://openwall.com/lists/oss-security/2011/05/16/8
- http://www.securityfocus.com/bid/47878
- https://bugzilla.redhat.com/show_bug.cgi?id=705090
- https://bugzilla.redhat.com/show_bug.cgi?id=705100
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67495