PT-2011-3476 · Netbsd · Netbsd+1
Vincent Danen
·
Published
2011-05-23
·
Updated
2017-08-17
·
CVE-2011-1920
CVSS v2.0
3.3
Low
| Vector | AV:L/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
NetBSD versions prior to 1.6.2
pmake version 1.111
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ depend temporary file. This is related to the bsd.lib.mk and bsd.prog.mk include files.
Recommendations
For NetBSD versions prior to 1.6.2, update to version 1.6.2 or later to resolve the issue.
For pmake version 1.111, consider restricting access to temporary files in /tmp to minimize the risk of exploitation until a patch is available.
Exploit
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netbsd
Pmake