CVE-2011-0460

The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name	Vendor	Start Version	End Version
Kbd	Kbd-project	*	1.14.1 (including)
Kbd	Kbd-project	0.99 (including)	0.99 (including)
Kbd	Kbd-project	1.01 (including)	1.01 (including)
Kbd	Kbd-project	1.03 (including)	1.03 (including)
Kbd	Kbd-project	1.04 (including)	1.04 (including)
Kbd	Kbd-project	1.05 (including)	1.05 (including)
Kbd	Kbd-project	1.06 (including)	1.06 (including)
Kbd	Kbd-project	1.08 (including)	1.08 (including)
Kbd	Kbd-project	1.10 (including)	1.10 (including)
Kbd	Kbd-project	1.11 (including)	1.11 (including)
Kbd	Kbd-project	1.12 (including)	1.12 (including)
Kbd	Kbd-project	1.13 (including)	1.13 (including)
Kbd	Kbd-project	1.14 (including)	1.14 (including)
Opensuse	Opensuse	11.2 (including)	11.2 (including)
Opensuse	Opensuse	11.3 (including)	11.3 (including)
Kbd	Ubuntu	hardy	*

Potential Mitigations

Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0460
CWE	https://cwe.mitre.org/data/definitions/59.html

Improper Link Resolution Before File Access ('Link Following')

Weakness

Affected Software

Potential Mitigations

References

CVE-2011-0460

Improper Link Resolution Before File Access ('Link Following')

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References