3 matches found
openSUSE Security Update : aaa_base (openSUSE-SU-2011:0171-1)
The boot.localfs init script wrote a file to /dev/shm during shut-down. Since local users may create symlinks there a malicious user could cause corruption of arbitrary files CVE-2011-0461. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
openSUSE Security Update : aaa_base (openSUSE-SU-2011:0171-1)
The boot.localfs init script wrote a file to /dev/shm during shut-down. Since local users may create symlinks there a malicious user could cause corruption of arbitrary files CVE-2011-0461. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
CVE-2011-0461
CVE-2011-0461 affects the openSUSE/SUSE package aaa_base. The flaw is in /etc/init.d/boot.localfs and allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. Affected products/versions are aaa_base in SUSE/OpenSUSE 11.2 prior to 11.2-43.48.1 and in OpenSUSE 11.3 pri...