Lucene search

[email protected]CVE-2011-0460

HistoryApr 16, 2014 - 6:37 p.m.

CVE-2011-0460

2014-04-1618:37:09

CWE-59

[email protected]

web.nvd.nist.gov

init script

kbd

local users

symlink attack

security vulnerability

nvd

cve-2011-0460

6.4 Medium

AI Score

Confidence

Low

6.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

Affected configurations

NVD

Node

kbd-projectkbdRange≤1.14.1

kbd-projectkbdMatch0.99

kbd-projectkbdMatch1.01

kbd-projectkbdMatch1.03

kbd-projectkbdMatch1.04

kbd-projectkbdMatch1.05

kbd-projectkbdMatch1.06

kbd-projectkbdMatch1.08

kbd-projectkbdMatch1.10

kbd-projectkbdMatch1.11

kbd-projectkbdMatch1.12

kbd-projectkbdMatch1.13

kbd-projectkbdMatch1.14

opensuseopensuseMatch11.2

opensuseopensuseMatch11.3

CPENameOperatorVersion
kbd-project:kbdkbd-project kbdle1.14.1
kbd-project:kbdkbd-project kbdeq0.99
kbd-project:kbdkbd-project kbdeq1.01
kbd-project:kbdkbd-project kbdeq1.03
kbd-project:kbdkbd-project kbdeq1.04
kbd-project:kbdkbd-project kbdeq1.05
kbd-project:kbdkbd-project kbdeq1.06
kbd-project:kbdkbd-project kbdeq1.08
kbd-project:kbdkbd-project kbdeq1.10
kbd-project:kbdkbd-project kbdeq1.11

CPE	Name	Operator	Version
kbd-project:kbd	kbd-project kbd	le	1.14.1
kbd-project:kbd	kbd-project kbd	eq	0.99
kbd-project:kbd	kbd-project kbd	eq	1.01
kbd-project:kbd	kbd-project kbd	eq	1.03
kbd-project:kbd	kbd-project kbd	eq	1.04
kbd-project:kbd	kbd-project kbd	eq	1.05
kbd-project:kbd	kbd-project kbd	eq	1.06
kbd-project:kbd	kbd-project kbd	eq	1.08
kbd-project:kbd	kbd-project kbd	eq	1.10
kbd-project:kbd	kbd-project kbd	eq	1.11