CVE-2011-1920

Published: May 23, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673

x_refsource_CONFIRM

47878

vdb-entry

x_refsource_BID

[oss-security] 20110516 CVE Request -- pmake -- Use of insecure temporary file for 'depend' target

mailing-list

x_refsource_MLIST

[oss-security] 20110516 Re: CVE Request -- pmake -- Use of insecure temporary file for 'depend' target

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=705100

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=705090

x_refsource_CONFIRM

http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h

x_refsource_CONFIRM

http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h

x_refsource_CONFIRM

pmake-depend-symlink(67495)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-1920

Description

Affected Products

References