CVE-2011-2684 - OpenCVE

foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rkkda	Foo2zjs

Configuration 1 [-]

OR	cpe:2.3:a:rkkda:foo2zjs:20090908dfsg-5.1\+squeeze0:::::debian::
	cpe:2.3:a:rkkda:foo2zjs:20110722dfsg-1:::::debian::
	cpe:2.3:a:rkkda:foo2zjs:20110722dfsg-3ubuntu1:::::ubuntu::

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2011/07/06/10
http://www.openwall.com/lists/oss-security/2014/02/08/5
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870
https://bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370
https://security-tracker.debian.org/tracker/CVE-2011-2684/

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-10-23T18:00:00

Updated: 2024-08-06T23:08:23.747Z

Reserved: 2011-07-11T00:00:00

Link: CVE-2011-2684

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-10-23T18:29:00.257

Modified: 2017-11-21T18:13:34.660

Link: CVE-2011-2684

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-07-06T00:00:00", "descriptions": [{"lang": "en", "value": "foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-23T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20140208 Fwd: Old CVE ids, public, but still", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/02/08/5"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2011/07/06/10"}, {"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-2684/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2684", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140208 Fwd: Old CVE ids, public, but still", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/02/08/5"}, {"name": "https://bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870"}, {"name": "http://www.openwall.com/lists/oss-security/2011/07/06/10", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2011/07/06/10"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2011-2684/", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2011-2684/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:08:23.747Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140208 Fwd: Old CVE ids, public, but still", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/02/08/5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/07/06/10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-2684/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2684", "datePublished": "2017-10-23T18:00:00", "dateReserved": "2011-07-11T00:00:00", "dateUpdated": "2024-08-06T23:08:23.747Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rkkda:foo2zjs:20090908dfsg-5.1\\+squeeze0:*:*:*:*:debian:*:*", "matchCriteriaId": "EC7464A6-38E1-456C-A03E-28CC4C91DEBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rkkda:foo2zjs:20110722dfsg-1:*:*:*:*:debian:*:*", "matchCriteriaId": "8F39DA20-D316-4C30-814F-1D7CC07C2BFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:rkkda:foo2zjs:20110722dfsg-3ubuntu1:*:*:*:*:ubuntu:*:*", "matchCriteriaId": "1FB2254C-A1A4-4932-A532-ECDB4CAC6676", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs."}, {"lang": "es", "value": "foo2zjs en versiones anteriores a la 20110722dfsg-3ubuntu1, tal y como viene incorporado en Ubuntu, en su versi\u00c3\u00b3n 20110722dfsg-1 tal y como viene en la distribuci\u00c3\u00b3n no estable de Debian y 20090908dfsg-5.1+squeeze0 tal y como viene en Debian squeeze, crea archivos temporales de manera insegura, lo que permite que los usuarios locales escriban sobre archivos arbitrarios mediante un ataque symlink a /tmp/foo2zjs."}], "id": "CVE-2011-2684", "lastModified": "2017-11-21T18:13:34.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-23T18:29:00.257", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2011/07/06/10"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/02/08/5"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-2684/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}