Medium severity5.5NVD Advisory· Published Oct 23, 2017· Updated May 13, 2026

CVE-2011-2684

Description

foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.

Affected products

Rkkda/Foo2zjs3 versions
cpe:2.3:a:rkkda:foo2zjs:20090908dfsg-5.1\+squeeze0:*:*:*:*:debian:*:*+ 2 more
- cpe:2.3:a:rkkda:foo2zjs:20090908dfsg-5.1\+squeeze0:*:*:*:*:debian:*:*
- cpe:2.3:a:rkkda:foo2zjs:20110722dfsg-1:*:*:*:*:debian:*:*
- cpe:2.3:a:rkkda:foo2zjs:20110722dfsg-3ubuntu1:*:*:*:*:ubuntu:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2011/07/06/10nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2014/02/08/5nvdMailing ListThird Party Advisory
bugs.debian.org/cgi-bin/bugreport.cginvdThird Party Advisory
bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370nvdThird Party Advisory
security-tracker.debian.org/tracker/CVE-2011-2684/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000