Executive Summary

Informations
Name CVE-2011-3154 First vendor Publication 2014-04-17
Vendor Cve Last vendor Modification 2014-05-05

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 1.9 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3154

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15123
 
Oval ID: oval:org.mitre.oval:def:15123
Title: USN-1284-1 -- Update Manager vulnerabilities
Description: update-manager: GNOME application that manages apt updates - update-notifier: Daemon which notifies about package updates Update Manager could be made to overwrite files as the administrator.
Family: unix Class: patch
Reference(s): USN-1284-1
CVE-2011-3152
CVE-2011-3154
Version: 7
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): Update
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15255
 
Oval ID: oval:org.mitre.oval:def:15255
Title: USN-1284-2 -- Update Manager regression
Description: update-manager: GNOME application that manages apt updates Details: USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes introduced a regression for Kubuntu users attempting to upgrade to a newer Ubuntu release. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-1284-1 introduced a regression in Update Manager.
Family: unix Class: patch
Reference(s): USN-1284-2
CVE-2011-3152
CVE-2011-3154
Version: 9
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): Update-Manager
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 9
Os 5

OpenVAS Exploits

Date Description
2012-02-21 Name : Ubuntu Update for update-manager USN-1284-2
File : nvt/gb_ubuntu_USN_1284_2.nasl
2011-12-02 Name : Ubuntu Update for update-manager USN-1284-1
File : nvt/gb_ubuntu_USN_1284_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77641 Update Manager Insecure Temporary File Creation Local .XAUTHORITY File Discl...

Nessus® Vulnerability Scanner

Date Description
2012-02-17 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1284-2.nasl - Type : ACT_GATHER_INFO
2011-11-29 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1284-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541
SECUNIA http://secunia.com/advisories/47024
UBUNTU http://www.ubuntu.com/usn/USN-1284-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2020-05-23 00:30:57
  • Multiple Updates
2016-04-26 21:01:36
  • Multiple Updates
2014-05-05 13:23:08
  • Multiple Updates
2014-04-18 13:26:00
  • First insertion