CVE-2011-3154
First published: Thu Apr 17 2014(Updated: )
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu Update Manager | <=1\:0.87.24 | |
| Ubuntu Update Manager | =1\-0.134.7 | |
| Ubuntu Update Manager | =1\-0.142.19 | |
| Ubuntu Update Manager | =1\-0.150 | |
| Ubuntu Update Manager | =1\-0.152.25 | |
| Ubuntu Linux | =8.04 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =10.10 | |
| Ubuntu Linux | =11.04 | |
| Ubuntu Linux | =11.10 | |
| Ubuntu | =10.10 | |
| Ubuntu | =8.04 | |
| Ubuntu | =11.04 | |
| Ubuntu | =11.10 | |
| Ubuntu | =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-3154?
The severity of CVE-2011-3154 is considered medium due to improper handling of temporary files that may expose sensitive information.
How do I fix CVE-2011-3154?
To fix CVE-2011-3154, update the Update Manager to versions 1:0.87.31.1 or later for affected Ubuntu systems.
Which versions of Ubuntu are affected by CVE-2011-3154?
CVE-2011-3154 affects Ubuntu versions 8.04 LTS, 10.04 LTS, 10.10, 11.04, and 11.10 with specific versions of the Update Manager.
Can CVE-2011-3154 lead to unauthorized access?
Yes, CVE-2011-3154 can allow local users to obtain the contents of the XAUTHORITY file, potentially enabling unauthorized access.
Is CVE-2011-3154 an exploit or a vulnerability?
CVE-2011-3154 is a vulnerability that could be exploited by local users to gain access to sensitive information.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/canonical
- canonical/ubuntu update manager
- version/ubuntu update manager/1\:0.87.24
- version/ubuntu update manager/1\-0.134.7
- version/ubuntu update manager/1\-0.142.19
- version/ubuntu update manager/1\-0.150
- version/ubuntu update manager/1\-0.152.25
- canonical/ubuntu linux
- version/ubuntu linux/8.04
- version/ubuntu linux/10.04
- version/ubuntu linux/10.10
- version/ubuntu linux/11.04
- version/ubuntu linux/11.10
- canonical/ubuntu
- version/ubuntu/10.10
- version/ubuntu/8.04
- version/ubuntu/11.04
- version/ubuntu/11.10
- version/ubuntu/10.04