CVE-2011-4606 - Vulnerability Details - OpenCVE

Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Artsoft	Rocks\'n\'diamonds

Configuration 1 [-]

cpe:2.3:a:artsoft:rocks\'n\'diamonds:3.3.0.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651620
http://openwall.com/lists/oss-security/2011/12/12/2
http://openwall.com/lists/oss-security/2011/12/12/3
https://bugzilla.redhat.com/show_bug.cgi?id=766805

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-12-15T02:00:00Z

Updated: 2024-08-07T00:09:19.326Z

Reserved: 2011-11-29T00:00:00Z

Link: CVE-2011-4606

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-12-15T03:57:34.387

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-4606

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2011-12-15T02:00:00Z"}, "references": [{"name": "[oss-security] 20111212 Re: CVE request: rocksndiamonds world-writable working/config directory", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/12/12/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=766805"}, {"name": "[oss-security] 20111212 CVE request: rocksndiamonds world-writable working/config directory", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/12/12/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651620"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:09:19.326Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20111212 Re: CVE request: rocksndiamonds world-writable working/config directory", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/12/12/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=766805"}, {"name": "[oss-security] 20111212 CVE request: rocksndiamonds world-writable working/config directory", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/12/12/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651620"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4606", "state": "PUBLISHED", "dateReserved": "2011-11-29T00:00:00Z", "datePublished": "2011-12-15T02:00:00Z", "dateUpdated": "2024-08-07T00:09:19.326Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artsoft:rocks\\'n\\'diamonds:3.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDE6C592-E6EF-4D6C-9A83-4A4B35E7E5E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory."}, {"lang": "es", "value": "Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 permite a usuarios locales sobreescribir archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico en .rocksndiamonds/cache/artworkinfo.cache bajo el directorio home del usuario."}], "id": "CVE-2011-4606", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-12-15T03:57:34.387", "references": [{"source": "[email protected]", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651620"}, {"source": "[email protected]", "url": "http://openwall.com/lists/oss-security/2011/12/12/2"}, {"source": "[email protected]", "url": "http://openwall.com/lists/oss-security/2011/12/12/3"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=766805"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651620"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/12/12/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/12/12/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=766805"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "[email protected]", "type": "Primary"}]}