Directory traversal vulnerability in device-linux.c in the router
advertisement daemon (radvd) before 1.8.2 allows local users to overwrite
arbitrary files, and remote attackers to overwrite certain files, via a …
(dot dot) in an interface name. NOTE: this can be leveraged with a symlink
to overwrite arbitrary files.
Author | Note |
---|---|
mdeslaur | upstream patch may be incorrect, see http://www.openwall.com/lists/oss-security/2011/10/07/4 issue was actually fixed in 1.8.3 because of incorrect patch |