Arbitrary File Overwrite Vulnerability in NetBSD Make Include Files

Arbitrary File Overwrite Vulnerability in NetBSD Make Include Files

CVE-2011-1920 · LOW Severity

AV:L/AC:M/AU:N/C:N/I:P/A:P

The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.

Learn more about our User Device Pen Test.