CVE-2011-1031

Current Description

The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.

Basic Data

Published: February 14, 2011
Last Modified: February 27, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-59
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:M/Au:N/C:N/I:P/A:P
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 3.3
Severity: LOW
Exploitability Score: 3.4
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
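    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | Application | Feh Project | Feh | 1.3.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.4.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.4.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.4.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.6 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.6.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.7 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.8 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.9 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.10 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.10.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.11 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | 1.11.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Feh Project | Feh | * | * | * | * | * | * | * | * |  | 1.11.2 |  |  |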

Vulnerable Software List

| Vendor | Product | Versions |
| --- | --- | --- |
| Feh Project | Feh | *, 1.10, 1.10.1, 1.11, 1.11.1, 1.3.5, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.5, 1.6, 1.6.1, 1.7, 1.8, 1.9 |

References

| Name | Source | URL | Tags |
| --- | --- | --- | --- |
| 43221 | SECUNIA | http://secunia.com/advisories/43221 | Vendor Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=676389 | MISC | https://bugzilla.redhat.com/show_bug.cgi?id=676389 | Patch |
| https://derf.homelinux.org/git/feh/commit/?id=23421a86cc826dd30f3dc4f62057fafb04b3ac40 | CONFIRM | https://derf.homelinux.org/git/feh/commit/?id=23421a86cc826dd30f3dc4f62057fafb04b3ac40 | Patch |
| https://derf.homelinux.org/git/feh/commit/?id=29ab0855f044ef2fe9c295b72abefcb37f0861a5 | CONFIRM | https://derf.homelinux.org/git/feh/commit/?id=29ab0855f044ef2fe9c295b72abefcb37f0861a5 | Patch |
| https://github.com/derf/feh/issues/#issue/32 | CONFIRM | https://github.com/derf/feh/issues/#issue/32 | Patch |