CVE-2011-1920 Information

Feb 14, 2021 cve

Description

The make include files in NetBSD before 1.6.2 as used in pmake 1.111 and other products allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend temporary file related to (1) bsd.lib.mk and (2) bsd.prog.mk.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673 http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h http://openwall.com/lists/oss-security/2011/05/16/2 http://openwall.com/lists/oss-security/2011/05/16/8 http://www.securityfocus.com/bid/47878 https://bugzilla.redhat.com/show_bug.cgi?id=705090 https://bugzilla.redhat.com/show_bug.cgi?id=705100 https://exchange.xforce.ibmcloud.com/vulnerabilities/67495

Share on: