CVE-2011-3154 - Vulnerability Details - OpenCVE

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux Update-manager

Configuration 1 [-]

OR	cpe:2.3:a:canonical:update-manager::::::::
	cpe:2.3:a:canonical:update-manager:1\:0.134.7:::::::*
	cpe:2.3:a:canonical:update-manager:1\:0.142.19:::::::*
	cpe:2.3:a:canonical:update-manager:1\:0.150:::::::*
	cpe:2.3:a:canonical:update-manager:1\:0.152.25:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/47024
http://www.ubuntu.com/usn/USN-1284-1
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-04-17T14:00:00

Updated: 2024-08-06T23:22:27.594Z

Reserved: 2011-08-16T00:00:00

Link: CVE-2011-3154

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-04-17T14:55:04.717

Modified: 2025-04-12T10:46:40.837

Link: CVE-2011-3154

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-04-27T21:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541"}, {"name": "USN-1284-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1284-1"}, {"name": "47024", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47024"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3154", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541"}, {"name": "USN-1284-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1284-1"}, {"name": "47024", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47024"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:22:27.594Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541"}, {"name": "USN-1284-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1284-1"}, {"name": "47024", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47024"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3154", "datePublished": "2014-04-17T14:00:00", "dateReserved": "2011-08-16T00:00:00", "dateUpdated": "2024-08-06T23:22:27.594Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:update-manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E6222C1-BE30-494E-9956-37DCC11200A6", "versionEndIncluding": "1\\:0.87.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.134.7:*:*:*:*:*:*:*", "matchCriteriaId": "3BC72F6F-A738-47DC-ACE0-C4D00AD6426E", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.142.19:*:*:*:*:*:*:*", "matchCriteriaId": "EA72C593-8B42-4683-BE81-E87CE26FDCF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.150:*:*:*:*:*:*:*", "matchCriteriaId": "EDDB1BE2-8F01-46C5-ABE1-7D4E4AF40B72", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.152.25:*:*:*:*:*:*:*", "matchCriteriaId": "ECE75579-DB27-4944-AB3F-BDC77A895E0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*", "matchCriteriaId": "D6DFE2D3-46E2-4D0C-8508-30307D654560", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file."}, {"lang": "es", "value": "DistUpgrade/DistUpgradeViewKDE.py en Update Manager anterior a 1:0.87.31.1, 1:0.134.x anterior a 1:0.134.11.1, 1:0.142.x anterior a 1:0.142.23.1, 1:0.150.x anterior a 1:0.150.5.1 y 1:0.152.x anterior a 1:0.152.25.5 no crea debidamente archivos temporales, lo que permite a usuarios locales obtener el contenido de archivo XAUTHORITY para un usuario a trav\u00e9s de un ataque symlink sobre el archivo temporal."}], "id": "CVE-2011-3154", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-17T14:55:04.717", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/47024"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ubuntu.com/usn/USN-1284-1"}, {"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ubuntu.com/usn/USN-1284-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}