CVE-2011-3154
Last modified
CVE-2011-3154 is a vulnerability of currently unknown severity. DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.. EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Canonical | Update-Manager | <= 1\:0.87.24 | — |
| Canonical | Update-Manager | 1\ | 0.134.7 |
| Canonical | Ubuntu Linux | 8.04 | — |
| Canonical | Ubuntu Linux | 10.04 | — |
| Canonical | Ubuntu Linux | 10.10 | — |
| Canonical | Ubuntu Linux | 11.04 | — |
| Canonical | Ubuntu Linux | 11.10 | — |
References
- http://www.ubuntu.com/usn/USN-1284-1Vendor Advisory
- http://www.ubuntu.com/usn/USN-1284-1Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-3154?
How severe is CVE-2011-3154?
How do I fix CVE-2011-3154?
Are you affected by CVE-2011-3154?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST