1.9
CVSSv2

CVE-2011-3154

Published: 17/04/2014 Updated: 05/05/2014
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
VMScore: 173
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

DistUpgrade/DistUpgradeViewKDE.py in Update Manager prior to 1:0.87.31.1, 1:0.134.x prior to 1:0.134.11.1, 1:0.142.x prior to 1:0.142.23.1, 1:0.150.x prior to 1:0.150.5.1, and 1:0.152.x prior to 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.

Affected Products

Vendor Product Versions
CanonicalUpdate-manager1:0.87.24, 1:0.134.7, 1:0.142.19, 1:0.150, 1:0.152.25
CanonicalUbuntu Linux8.04, 10.04, 10.10, 11.04, 11.10

Vendor Advisories

USN-1284-1 introduced a regression in Update Manager ...
Update Manager could be made to overwrite files as the administrator ...