CVE-2011-3602

Publication date 7 October 2011

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.

Read the notes from the security team

Status

Package Ubuntu Release Status
radvd 11.10 oneiric
Fixed 1:1.8-1ubuntu0.1
11.04 natty
Fixed 1:1.7-1ubuntu0.1
10.10 maverick
Fixed 1:1.6-1ubuntu0.1
10.04 LTS lucid
Fixed 1:1.3-1.1ubuntu0.1
8.04 LTS hardy Ignored end of life

Notes

mdeslaur

upstream patch may be incorrect, see http://www.openwall.com/lists/oss-security/2011/10/07/4 issue was actually fixed in 1.8.3 because of incorrect patch

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
radvd

References

Related Ubuntu Security Notices (USN)

    • USN-1257-1
    • radvd vulnerabilities
    • 10 November 2011

Other references