Back to search
CVE-2011-3616
Published: Nov 4, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
43225
third-party-advisory
x_refsource_SECUNIA
https://bugs.launchpad.net/ubuntu/+source/conky/+bug/607309
x_refsource_CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612033
x_refsource_CONFIRM
[oss-security] 20111009 CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue
mailing-list
x_refsource_MLIST
[oss-security] 20111010 Re: CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue
mailing-list
x_refsource_MLIST
46353
third-party-advisory
x_refsource_SECUNIA
GLSA-201110-09
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now