Unrated severityNVD Advisory· Published May 23, 2011· Updated Apr 29, 2026
CVE-2011-1920
CVE-2011-1920
Description
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
Affected products
19cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diffnvdPatch
- cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diffnvdPatch
- openwall.com/lists/oss-security/2011/05/16/8nvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- bugs.debian.org/cgi-bin/bugreport.cginvdExploitPatch
- openwall.com/lists/oss-security/2011/05/16/2nvdExploitPatch
- bugzilla.redhat.com/show_bug.cginvdExploitPatch
- www.securityfocus.com/bid/47878nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/67495nvd
News mentions
0No linked articles in our index yet.