CVE-2011-5146

Published: Aug 31, 2012Modified: Apr 29, 2026

2.6

Vector

AV:L/AC:H/Au:N/C:N/I:P/A:P

Exploitability: 1.9 / Impact: 4.9

Source: NVD

Description

Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.

Affected (1)

Products: Ingumadev: Bokken

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ingumadev Bokken	Up to 1.5

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (10)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651931

Source: cve@mitre.org

http://inguma.eu/projects/bokken/repository/revisions/56894084b0ec

Source: cve@mitre.org

Patch

http://ingumadev.blogspot.com/2012/01/bokken-16-is-more-stable-and-easier-to.html

Source: cve@mitre.org

http://secunia.com/advisories/47252

Source: cve@mitre.org

Vendor Advisory

http://www.osvdb.org/77700

Source: cve@mitre.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651931

Source: af854a3a-2127-422b-91ae-364da2661108

http://inguma.eu/projects/bokken/repository/revisions/56894084b0ec

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://ingumadev.blogspot.com/2012/01/bokken-16-is-more-stable-and-easier-to.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/47252

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.osvdb.org/77700

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.