PT-2011-5009 · Artsoft Entertainment · Rocks'N'Diamonds

Published

2011-12-15

Updated

2024-06-15

CVE-2011-4606

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Artsoft Entertainment Rocks'n'Diamonds versions 3.3.0.1

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the .rocksndiamonds/cache/artworkinfo.cache file under a user's home directory.

Recommendations For version 3.3.0.1, consider restricting write access to the .rocksndiamonds/cache/artworkinfo.cache file to prevent arbitrary file overwrites. As a temporary workaround, avoid using the artworkinfo.cache file until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2011-4606

OPENSUSE-SU-2024:10418-1

Affected Products

Rocks'N'Diamonds

PT-2011-5009 · Artsoft Entertainment · Rocks'N'Diamonds

CVE-2011-4606

Weakness Enumeration

Related Identifiers

Affected Products

References · 13