CVE-2011-3602

Router Advertisement Daemon <1.8.2 - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/10/06/3
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2323
Various Sources x_refsource_confirm
http://www.litech.org/radvd/CHANGES
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1257-1

Scores

EPSS 0.0277
EPSS Percentile 84.6%

Details

CWE
CWE-22
Status published
Products (1)
litech/router_advertisement_daemon < 1.8.1
Published Apr 27, 2014
Tracked Since Feb 18, 2026