CVE-2011-0702
published 2011-02-14CVE-2011-0702: The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_…
PriorityP410low3.3CVSS 2.0
AVLACMAuNCNIPAP
EPSS
0.33%
25.1th percentile
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | feh | < feh 1.12-1 (bookworm) | feh 1.12-1 (bookworm) |
| feh_project | feh | <= 1.11.1 | — |
| feh_project | feh | <= 1.11.2 | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | — | — |
| feh_project | feh | >= 0 < 1.12-1 | 1.12-1 |
| feh_project | feh | >= 0 < 1.12-1 | 1.12-1 |
| feh_project | feh | >= 0 < 1.12-1 | 1.12-1 |
| feh_project | feh | >= 0 < 1.12-1 | 1.12-1 |
CVSS provenance
nvdv2.03.3LOWAV:L/AC:M/Au:N/C:N/I:P/A:P
osv3.3LOW
vendor_debian3.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2011-0702: feh - The feh_unique_filename function in utils.c in feh before 1.11.2 might allow loc...
vendor_debian·2011·CVSS 3.3
CVE-2011-0702 [LOW] CVE-2011-0702: feh - The feh_unique_filename function in utils.c in feh before 1.11.2 might allow loc...
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
Scope: local
bookworm: resolved (fixed in 1.12-1)
bullseye: resolved (fixed in 1.12-1)
forky: resolved (fixed in 1.12-1)
sid: resolved (fixed in 1.12-1)
trixie: resolved (fixed in 1.12-1)
Debian
CVE-2011-1031: feh - The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allo...
vendor_debian·2011·CVSS 3.3
CVE-2011-1031 [LOW] CVE-2011-1031: feh - The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allo...
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
Scope: local
bookworm: resolved (fixed in 1.12-1)
bullseye: resolved (fixed in 1.12-1)
forky: resolved (fixed in 1.12-1)
sid: resolved (fixed in 1.12-1)
trixie: resolved (fixed in 1.12-1)
GHSA
GHSA-jw56-55h4-jxhw: The feh_unique_filename function in utils
ghsa_unreviewed·2022-05-13
CVE-2011-0702 [LOW] CWE-59 GHSA-jw56-55h4-jxhw: The feh_unique_filename function in utils
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
GHSA
GHSA-mf2w-fpcr-p3w9: The feh_unique_filename function in utils
ghsa_unreviewed·2022-05-13·CVSS 3.3
CVE-2011-1031 [LOW] CWE-59 GHSA-mf2w-fpcr-p3w9: The feh_unique_filename function in utils
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
OSV
CVE-2011-0702: The feh_unique_filename function in utils
osv·2011-02-14·CVSS 3.3
CVE-2011-0702 [LOW] CVE-2011-0702: The feh_unique_filename function in utils
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
OSV
CVE-2011-1031: The feh_unique_filename function in utils
osv·2011-02-14·CVSS 3.3
CVE-2011-1031 [LOW] CVE-2011-1031: The feh_unique_filename function in utils
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-1031 feh: Ability to create arbitrary files via a symlink attack
bugzilla·2011-02-15·CVSS 3.3
CVE-2011-1031 [LOW] CVE-2011-1031 feh: Ability to create arbitrary files via a symlink attack
CVE-2011-1031 feh: Ability to create arbitrary files via a symlink attack
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1031 to
the following vulnerability:
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier
might allow local users to create arbitrary files via a symlink attack
on a /tmp/feh_ temporary file, a different vulnerability than
CVE-2011-0702.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1031
[2] https://bugzilla.redhat.com/show_bug.cgi?id=676389
[3] https://derf.homelinux.org/git/feh/commit/?id=23421a86cc826dd30f3dc4f62057fafb04b3ac40
[4] https://derf.homelinux.org/git/feh/commit/?id=29ab0855f044ef2fe9c295b72abefcb37f0861a5
[5] https://github.com/derf/feh/issues/#issue/32
[6] http://secunia.com/advisories/432
Bugzilla
CVE-2011-0702 feh: arbitrary file overwrite vulnerability
bugzilla·2011-02-09·CVSS 3.3
CVE-2011-0702 [LOW] CVE-2011-0702 feh: arbitrary file overwrite vulnerability
CVE-2011-0702 feh: arbitrary file overwrite vulnerability
A Debian bug report [1],[2] indicated that feh is vulnerable to an
arbitrary file overwrite flaw. If a user could guess the PID of the feh
process and create a symlink in /tmp, they could cause the overwrite of any
file that the user running feh has write access to via wget overwriting the file. In
src/imlib.c we have:
235 char *feh_http_load_image(char *url)
236 {
237 char *tmpname;
238 char *basename;
239 char *path = NULL;
240
241 if (opt.keep_http) {
242 if (opt.output_dir)
243 path = opt.output_dir;
244 else
245 path = "";
246 } else
247 path = "/tmp/";
248
249 basename = strrchr(url, '/') + 1;
250 tmpname = feh_unique_filename(path, basename);
...
455 execlp("wget", "wget", "--cache=off", "-O", tmpname, url, quiet, NULL);
a
Bugzilla
CVE-2011-0702 CVE-2011-1031 feh: various flaws [fedora-all]
bugzilla·2011-02-09·CVSS 3.3
CVE-2011-0702 [LOW] CVE-2011-0702 CVE-2011-1031 feh: various flaws [fedora-all]
CVE-2011-0702 CVE-2011-1031 feh: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=676389
Please note: this issue affects multiple supported vers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612035http://openwall.com/lists/oss-security/2011/02/09/1http://openwall.com/lists/oss-security/2011/02/09/14http://secunia.com/advisories/43221https://bugs.launchpad.net/ubuntu/+source/feh/+bug/607328https://bugzilla.redhat.com/show_bug.cgi?id=676389https://derf.homelinux.org/git/feh/commit/?id=23421a86cc826dd30f3dc4f62057fafb04b3ac40https://derf.homelinux.org/git/feh/commit/?id=29ab0855f044ef2fe9c295b72abefcb37f0861a5https://github.com/derf/feh/issues/#issue/32http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612035http://openwall.com/lists/oss-security/2011/02/09/1http://openwall.com/lists/oss-security/2011/02/09/14http://secunia.com/advisories/43221https://bugs.launchpad.net/ubuntu/+source/feh/+bug/607328https://bugzilla.redhat.com/show_bug.cgi?id=676389https://derf.homelinux.org/git/feh/commit/?id=23421a86cc826dd30f3dc4f62057fafb04b3ac40https://derf.homelinux.org/git/feh/commit/?id=29ab0855f044ef2fe9c295b72abefcb37f0861a5https://github.com/derf/feh/issues/#issue/32
2011-02-14
Published