CVE Vulnerabilities

CVE-2011-0012

Improper Link Resolution Before File Access ('Link Following')

Published: Apr 18, 2011 | Modified: Apr 18, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.3 LOW
AV:L/AC:M/Au:N/C:N/I:P/A:P
RedHat/V2
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu

The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name Vendor Start Version End Version
Spice-xpi Redhat 2.2 (including) 2.2 (including)
Spice-xpi Redhat 2.3 (including) 2.3 (including)
Spice-xpi Redhat 2.4 (including) 2.4 (including)
Red Hat Enterprise Linux 6 RedHat spice-xpi-0:2.4-1.el6_0.2 *

Potential Mitigations

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

References