{"id":"CVE-2011-3602","details":"Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name.  NOTE: this can be leveraged with a symlink to overwrite arbitrary files.","modified":"2026-02-04T02:44:54.087416Z","published":"2014-04-27T21:55:05Z","related":["openSUSE-SU-2024:10558-1"],"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2011/dsa-2323"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1257-1"},{"type":"FIX","url":"https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc"},{"type":"WEB","url":"http://www.litech.org/radvd/CHANGES"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2011/10/06/3"}],"schema_version":"1.7.3"}