Symlink Attack Vulnerability in D-Bus Product from freedesktop.org
CVE-2011-2533

Currently unrated

Key Information:

Vendor

Freedesktop

Status
Dbus
Vendor
CVE Published:
22 June 2011
đź”” Create Freedesktop Vulnerability Alert

What is CVE-2011-2533?

The configure script in D-Bus 1.2.x versions prior to 1.2.28 is susceptible to a local symlink attack. Malicious users can exploit this vulnerability to overwrite arbitrary files on the system by creating a specially crafted symlink in the /tmp/ directory, which leads to potential data loss or system compromise. It is essential for system administrators to implement the updated version to mitigate this security risk.

References

http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/68173
vdb-entryx_refsource_XF
http://www.securitytracker.com/id?1025720
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.