Vulnerability Description
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab.
CVSS Score
6.3
MEDIUM
AV:L/AC:M/Au:N/C:N/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Opensuse | 11.2 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2011-03/msg00007.htmlVendor Advisory
- http://support.novell.com/security/cve/CVE-2011-0461.html
- https://bugzilla.novell.com/665479
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2011-03/msg00007.htmlVendor Advisory
- http://support.novell.com/security/cve/CVE-2011-0461.html
- https://bugzilla.novell.com/665479
FAQ
What is CVE-2011-0461?
CVE-2011-0461 is a vulnerability with a CVSS score of 6.3 (MEDIUM). /etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack...
How severe is CVE-2011-0461?
CVE-2011-0461 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0461?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse.