Vulnerability Details CVE-2011-3154
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.0%
CVSS Severity
CVSS v2 Score 1.9
References
Products affected by CVE-2011-3154
-
cpe:2.3:a:canonical:update-manager:1
-
cpe:2.3:o:canonical:ubuntu_linux:10.04
-
cpe:2.3:o:canonical:ubuntu_linux:10.10
-
cpe:2.3:o:canonical:ubuntu_linux:11.04
-
cpe:2.3:o:canonical:ubuntu_linux:11.10
-
cpe:2.3:o:canonical:ubuntu_linux:8.04