1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
Candidate: CVE-2011-3616
PublicDate: 2011-11-04
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3616
Description:
The getSkillname function in the eve module in Conky 1.8.1 and earlier
allows local users to overwrite arbitrary files via a symlink attack on
/tmp/.cesf.
Ubuntu-Description:
Notes:
tyhicks> Likely mitigated by Yama in Maverick and newer.
Bugs:
https://launchpad.net/bugs/607309
http://bugs.debian.org/612033
Priority: medium
Discovered-by:
Assigned-to:
Patches_conky:
upstream_conky: needs-triage
hardy_conky: ignored (reached end-of-life)
lucid_conky: ignored (reached end-of-life)
maverick_conky: ignored (reached end-of-life)
natty_conky: ignored (reached end-of-life)
oneiric_conky: released (1.8.1-2)
precise_conky: not-affected (1.8.1-5)
quantal_conky: not-affected (1.8.1-5)
raring_conky: not-affected (1.8.1-5)
saucy_conky: not-affected (1.8.1-5)
devel_conky: not-affected (1.8.1-5)
|