PT-2011-2009 · None · Pimd
Vincent Bernat · Published 2011-01-11 · Updated 2017-08-17 · CVE-2011-0007
CVSS v2.0: 3.3 (Low)
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
pimd versions 2.1.5 and earlier
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on certain files when specific signals are sent. This can occur with pimd.dump when a USR1 signal is sent, or with pimd.cache when a USR2 signal is sent.
Recommendations
For versions 2.1.5 and earlier, consider restricting access to the USR1 and USR2 signals to prevent exploitation. Additionally, as a temporary workaround, consider implementing file system permissions to limit the ability to overwrite arbitrary files.
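An added example, not pimd's code and not the upstream fix: a C helper that opens a signal-triggered dump file without following a symlink at the final path component, checked against a constructed scratch directory. The names `open_dump_nofollow` and `selfcheck` and the `/tmp/dumpdemo.*` directory are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not pimd's code: open a signal-triggered dump file
 * for writing without following a symlink planted at `path`. */
int open_dump_nofollow(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW makes open() fail if the last path component is a symlink.
     * O_TRUNC is deliberately absent: truncate only after validation. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    /* Accept only a regular file we own with a single link, then truncate. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid() || ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a scratch directory: "pimd.dump" is a symlink to a
 * stand-in file. Returns 0 if the link is refused and the target is intact. */
int selfcheck(void)
{
    char dir[] = "/tmp/dumpdemo.XXXXXX", target[64], dump[64], buf[16] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(dump, sizeof dump, "%s/pimd.dump", dir);
    FILE *f = fopen(target, "w");
    if (!f || fputs("keep", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(target, dump) != 0) return -1;
    int refused = open_dump_nofollow(dump) < 0;    /* symlink in place */
    if ((f = fopen(target, "r"))) { if (!fgets(buf, sizeof buf, f)) buf[0] = 0; fclose(f); }
    int intact = strcmp(buf, "keep") == 0;
    unlink(dump);                                  /* no link: normal create */
    int fd = open_dump_nofollow(dump);
    int created = fd >= 0; if (created) close(fd);
    unlink(dump); unlink(target); rmdir(dir);
    return (refused && intact && created) ? 0 : 1;
}

int main(void) { return selfcheck(); }
```

`O_NOFOLLOW` only guards the last path component, so the file should also live in a directory that other local users cannot write to.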
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Pimd