QwikSec

Security Database

CVE

CWE

Training

CVE-2011-3602

Published: Apr 27, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20111007 radvd 1.8.2 released with security fixes

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc

x_refsource_CONFIRM

http://www.litech.org/radvd/CHANGES

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.