Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2011-3154

Severity CVSS v4.0:
Pending analysis
Type:
CWE-59 Link Following
Publication date:
17/04/2014
Last modified:
12/04/2025

Description

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.

Impact

Vector 2.0
AV:L/AC:M/Au:N/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 1.90 LOW
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Attack Vector (AV): Local
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0
1.90
Severity 2.0
LOW

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:canonical:update-manager:*:*:*:*:*:*:*:* 1\:0.87.24 (including)
cpe:2.3:a:canonical:update-manager:1\:0.134.7:*:*:*:*:*:*:*
cpe:2.3:a:canonical:update-manager:1\:0.142.19:*:*:*:*:*:*:*
cpe:2.3:a:canonical:update-manager:1\:0.150:*:*:*:*:*:*:*
cpe:2.3:a:canonical:update-manager:1\:0.152.25:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools