Symlink Vulnerability in NetBSD Affecting pmake and Other Products
CVE-2011-1920

Currently unrated

Key Information:

Vendor: Netbsd
Status: Netbsd; Pmake
Vendor: CVE Published:; 23 May 2011

What is CVE-2011-1920?

A vulnerability exists in NetBSD versions prior to 1.6.2, as utilized in pmake 1.111 and other products. This flaw permits local users to manipulate arbitrary files through a symlink attack aimed at a temporary file created in the /tmp directory. Specifically, the issue arises from insecure handling of temporary files in the make include files, namely bsd.lib.mk and bsd.prog.mk, allowing unauthorized file access and potential system compromise.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673

x_refsource_CONFIRM

http://www.securityfocus.com/bid/47878

vdb-entryx_refsource_BID

http://openwall.com/lists/oss-security/2011/05/16/2

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2011
Vulnerability Reserved
May 9, 2011

CVE-2011-1920 Data

JSON

Netbsd

What is CVE-2011-1920?

References

Timeline