7.1

CVE-2011-3632

Exploit
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hardlink ProjectHardlink Version < 0.1.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
RedhatEnterprise Linux Version5.0
RedhatEnterprise Linux Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.384
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:P/A:N
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516
Third Party Advisory
Issue Tracking
https://www.openwall.com/lists/oss-security/2011/10/20/6
Third Party Advisory
Mailing List
https://access.redhat.com/security/cve/cve-2011-3632
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3632
Third Party Advisory
Issue Tracking
https://security-tracker.debian.org/tracker/CVE-2011-3632
Third Party Advisory
https://www.openwall.com/lists/oss-security/2011/10/15/2
Third Party Advisory
Exploit
Mailing List