{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-05-16T00:00:00", "descriptions": [{"lang": "en", "value": "The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673"}, {"name": "47878", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47878"}, {"name": "[oss-security] 20110516 CVE Request -- pmake -- Use of insecure temporary file for 'depend' target", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/05/16/2"}, {"name": "[oss-security] 20110516 Re: CVE Request -- pmake -- Use of insecure temporary file for 'depend' target", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/05/16/8"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705100"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705090"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h"}, {"name": "pmake-depend-symlink(67495)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67495"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:46:00.625Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673"}, {"name": "47878", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47878"}, {"name": "[oss-security] 20110516 CVE Request -- pmake -- Use of insecure temporary file for 'depend' target", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/05/16/2"}, {"name": "[oss-security] 20110516 Re: CVE Request -- pmake -- Use of insecure temporary file for 'depend' target", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/05/16/8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705100"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705090"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h"}, {"name": "pmake-depend-symlink(67495)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67495"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1920", "datePublished": "2011-05-23T22:00:00", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.625Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "B55E4B92-88E0-41F0-AFA7-046A8D34A2CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "26A936FF-9942-4A95-BE65-57A8C1B6C8AC", "versionEndIncluding": "1.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DF613C9-DC4A-45F0-BEE1-8450762B0089", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "441CEF2E-9687-4930-8536-B8B83018BD28", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "55DD3C82-0B7D-4B25-B603-AD6C6D59239A", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC7A39CD-C4B2-4FD9-A450-E5C7A5480174", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA1B13-B378-4F13-BD13-EC58F15F5C81", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8C8CAB1-2D8C-4875-A795-41178D48410F", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D3C937A-E9D8-474A-ABEB-A927EF7CC5B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2A8F8DE7-7A84-4350-A6D8-FCCB561D63B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C422E343-ADF2-427D-865D-B5C35431EFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1C288A88-11C6-429E-A109-0395D0989264", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "516C6D9A-7483-4E36-A2E0-42698161AD31", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "B1F89124-E194-4C7A-B06D-8535B4066AA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "28A10F5A-067E-4DD8-B585-ABCD6F6B324E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ihji:pmake:1.111:*:*:*:*:*:*:*", "matchCriteriaId": "CABB6C56-E62F-4A49-8B75-A7744E6A5363", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk."}, {"lang": "es", "value": "El \"make\" incluye ficheros en NetBSD anterior a v1.6.2 usados en pmake v1.111 y otros productos, permite a usuarios locales sobreescribir ficheros de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un archivo temporal /tmp/_depend#####, relacionado con (1) bsd.lib.mk y (2) bsd.prog.mk."}], "id": "CVE-2011-1920", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-05-23T22:55:01.410", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/05/16/2"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/05/16/8"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/47878"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705090"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705100"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/05/16/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/05/16/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47878"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705100"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67495"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "mk-files: insecure temporary file usage", "id": "705100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705100"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-377", "details": ["The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk."], "name": "CVE-2011-1920", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "pmake", "product_name": "Red Hat Enterprise Linux 4"}], "public_date": "2011-05-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-1920\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1920"], "statement": "The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to fix this flaw in Red Hat Enterprise Linux 4. If more information becomes available at a future date, we may revisit the issue.", "threat_severity": "Low"}