CVE-2011-3602

Priority
Medium
Description
Directory traversal vulnerability in device-linux.c in the router
advertisement daemon (radvd) before 1.8.2 allows local users to overwrite
arbitrary files, and remote attackers to overwrite certain files, via a ..
(dot dot) in an interface name. NOTE: this can be leveraged with a symlink
to overwrite arbitrary files.
References
Notes
mdeslaur> upstream patch may be incorrect, see
mdeslaur> http://www.openwall.com/lists/oss-security/2011/10/07/4
mdeslaur> issue was actually fixed in 1.8.3 because of incorrect patch
Assigned-to
mdeslaur
Package
Source: radvd (LP Ubuntu Debian)
Upstream: released (1.8.3)
Ubuntu 10.04 LTS (Lucid Lynx): released (1:1.3-1.1ubuntu0.1)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (1:1.8-1.2)
Patches:
Upstream: https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc
Upstream: https://github.com/reubenhwk/radvd/commit/7a1471b62da88373e8f4209d503307c5d841b81f (fix)
More Information


Updated: 2014-04-30 14:15:25 UTC (commit 7994)