Unrated severityNVD Advisory· Published Apr 17, 2014· Updated May 6, 2026

CVE-2011-3154

Description

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.

Affected products

Canonical (company)/Update Manager5 versions
cpe:2.3:a:canonical:update-manager:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:canonical:update-manager:*:*:*:*:*:*:*:*range: <=1\:0.87.24
- cpe:2.3:a:canonical:update-manager:1\:0.134.7:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:update-manager:1\:0.142.19:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:update-manager:1\:0.150:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:update-manager:1\:0.152.25:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux5 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ubuntu.com/usn/USN-1284-1nvdVendor Advisory
secunia.com/advisories/47024nvd
bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000