Vulnerability Details CVE-2011-3602
Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.1%
CVSS Severity
CVSS v2 Score 6.4
References
- http://www.debian.org/security/2011/dsa-2323
- http://www.litech.org/radvd/CHANGES
- http://www.openwall.com/lists/oss-security/2011/10/06/3
- http://www.ubuntu.com/usn/USN-1257-1
- https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc
- http://www.debian.org/security/2011/dsa-2323
- http://www.litech.org/radvd/CHANGES
- http://www.openwall.com/lists/oss-security/2011/10/06/3
- http://www.ubuntu.com/usn/USN-1257-1
- https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc
Products affected by CVE-2011-3602
-
cpe:2.3:a:litech:router_advertisement_daemon:*