Описание
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-1920
- https://bugzilla.redhat.com/show_bug.cgi?id=705090
- https://bugzilla.redhat.com/show_bug.cgi?id=705100
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67495
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673
- http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h
- http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h
- http://openwall.com/lists/oss-security/2011/05/16/2
- http://openwall.com/lists/oss-security/2011/05/16/8
- http://www.securityfocus.com/bid/47878
Связанные уязвимости
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 ...