Rocks'n'Diamonds Insecure Permissions Unauthorized Access Vulnerability
BID:51019
Info
| Bugtraq ID: | 51019 |
| Class: | Design Error |
| CVE: | CVE-2011-4606 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 12 2011 12:00AM |
| Updated: | Apr 13 2015 09:19PM |
| Credit: | Jakub Wilk |
| Vulnerable: | Artsoft Entertainment Rocks'n'Diamonds 3.3.0.1 |
| Not Vulnerable: | |
Discussion
Rocks'n'Diamonds is prone to an unauthorized-access vulnerability because of insecure permissions.
A local attacker could potentially perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Other attacks may also be possible.
Rocks'n'Diamonds 3.3.0.1 is vulnerable; other versions may also be affected.
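A defender-side check for the condition described above, as an added example that is not code from this advisory or from Rocks'n'Diamonds. The path `~/.rocksndiamonds` is taken from the Debian bug title in the references; the function names and finding labels are hypothetical, and a POSIX system is assumed.

```python
import os
import stat

# Path taken from the Debian bug title in the references; everything else
# here (function names, finding labels) is hypothetical.
DEFAULT_DIR = os.path.expanduser("~/.rocksndiamonds")

def audit_user_dir(path, uid=None):
    """Return a list of permission findings for a per-user data directory."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, never its target
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["is-symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not-a-directory"]
    findings = []
    if st.st_uid != uid:
        findings.append("foreign-owner")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    # Links already inside the directory are what a symlink attack leaves
    # behind, so report them for manual review instead of following them.
    with os.scandir(path) as entries:
        for name in sorted(e.name for e in entries if e.is_symlink()):
            findings.append("symlink-inside:" + name)
    return findings

def harden_user_dir(path):
    """Restrict the directory to its owner, then re-audit it."""
    # O_NOFOLLOW makes the open fail if the path was swapped for a symlink.
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        os.fchmod(fd, 0o700)
    finally:
        os.close(fd)
    return audit_user_dir(path)

if __name__ == "__main__":
    for finding in audit_user_dir(DEFAULT_DIR) or ["ok"]:
        print(DEFAULT_DIR, finding)
```

Tightening the mode does not remove links that were planted while the directory was writable, which is why `harden_user_dir` still reports them afterwards.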
Exploit / POC
Attackers require local interactive access to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
- Rocks'n'Diamonds Homepage (Artsoft Entertainment)
- Bug 766805 - (CVE-2011-4606) rocksndiamonds: creates ~/.rocksndi (Vincent Danen)
- Debian Bug report logs - #651620 ~/.rocksndiamonds/ is world-writable (Jakub Wilk)