CVE-2011-3602
Published: 7 October 2011
Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.
Notes
Author | Note |
---|---|
mdeslaur |
upstream patch may be incorrect, see http://www.openwall.com/lists/oss-security/2011/10/07/4 issue was actually fixed in 1.8.3 because of incorrect patch |
Priority
Status
Package | Release | Status |
---|---|---|
radvd
Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(1:1.3-1.1ubuntu0.1)
|
|
maverick |
Released
(1:1.6-1ubuntu0.1)
|
|
natty |
Released
(1:1.7-1ubuntu0.1)
|
|
oneiric |
Released
(1:1.8-1ubuntu0.1)
|
|
upstream |
Released
(1.8.3)
|
|
Patches:
upstream: https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc upstream: https://github.com/reubenhwk/radvd/commit/7a1471b62da88373e8f4209d503307c5d841b81f |