Vulnerability Details : CVE-2011-3154
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.
Products affected by CVE-2011-3154
- cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
- cpe:2.3:a:canonical:update-manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:update-manager:1\:0.134.7:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:update-manager:1\:0.142.19:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:update-manager:1\:0.150:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:update-manager:1\:0.152.25:*:*:*:*:*:*:*
Threat overview for CVE-2011-3154
Top countries where our scanners detected CVE-2011-3154
Top open port discovered on systems with this issue
8200
IPs affected by CVE-2011-3154 2,348
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-3154!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-3154
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3154
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
3.4
|
2.9
|
NIST |
CWE ids for CVE-2011-3154
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3154
-
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541
Bug #881541 “DistUpgrade/DistUpgradeViewKDE.py uses mktemp -- wh...” : Bugs : update-manager package : Ubuntu
-
http://www.ubuntu.com/usn/USN-1284-1
USN-1284-1: Update Manager vulnerabilities | Ubuntu security noticesVendor Advisory
Jump to