CVE-2011-3602 — Path Traversal in Router Advertisement Daemon

CWE-22 — Path Traversal | 9 documents | 8 sources
Severity: 6.4 MEDIUM (NVD)
EPSS: 0.2% (top 54.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 27 | Latest update May 17

Description

Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.

CVSS vector

AV:N/AC:L/C:N/I:P/A:P | Exploitability: 10.0 | Impact: 4.9

Affected Packages: 1 package

Vulnerability Details (3)

GHSA: GHSA-jxfr-4vcf-h5vv: Directory traversal vulnerability in device-linux (2022-05-17)
OSV: CVE-2011-3602: Directory traversal vulnerability in device-linux (2014-04-27)
CVEList: CVE-2011-3602: Directory traversal vulnerability in device-linux (2014-04-27)

Vendor Advisories (3)

Ubuntu: radvd vulnerabilities (2011-11-10)
Red Hat: radvd: arbitrary file overwrite flaw in set_interface_var() (2011-10-04)
Debian: CVE-2011-3602: radvd - Directory traversal vulnerability in device-linux.c in the router advertisement ... (2011)

Community (2)

Bugzilla: CVE-2011-3601 CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 radvd various flaws [fedora-all] (2011-10-07)
Bugzilla: CVE-2011-3602 radvd: arbitrary file overwrite flaw in set_interface_var() (2011-10-05)