CVE-2011-3632Link Following in Project Hardlink

CWE-59Link Following6 documents5 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 67.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Hardlink Project HardlinkHardlinkDebian Linux+2 more
Timeline
PublishedNov 26
Latest updateApr 22

Description

Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

CVEListV5hardlink/hardlinkbefore 0.1.2

Also affects: Debian Linux 10.0, 8.0, 9.0, Enterprise Linux 5.0, 6.0

🔴Vulnerability Details

1
GHSA
GHSA-98h5-28mw-xjrq: Hardlink before 02022-04-22

📋Vendor Advisories

2
Red Hat
hardlink: Prone to symlink attacks2011-10-15
Debian
CVE-2011-3632: hardlink - Hardlink before 0.1.2 operates on full file system objects path names which can ...2011

💬Community

2
Bugzilla
CVE-2011-3630 CVE-2011-3631 CVE-2011-3632 hardlink various flaws [fedora-all]2011-10-17
Bugzilla
CVE-2011-3632 hardlink: Prone to symlink attacks2011-10-17