| XWine Printing Insecure Temporary File Creation Vulnerability |
|
Credit:
| Steve Kemp from Debian disclosed this vulnerability. |
|
Vulnerable:
|
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Darken33 XWine 1.0.1
+
Debian Linux 4.0 sparc
+
Debian Linux 4.0 s/390
+
Debian Linux 4.0 powerpc
+
Debian Linux 4.0 mipsel
+
Debian Linux 4.0 mips
+
Debian Linux 4.0 m68k
+
Debian Linux 4.0 ia-64
+
Debian Linux 4.0 ia-32
+
Debian Linux 4.0 hppa
+
Debian Linux 4.0 arm
+
Debian Linux 4.0 amd64
+
Debian Linux 4.0 alpha
+
Debian Linux 4.0
|
|
Description:
|
XWine is prone to a security vulnerability because it creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
This issue affects XWine 1.0.1; other versions may also be vulnerable.
|
| Exploit:
|
An attacker uses standard commands to exploit the issue.
|
|
Solution:
|
Debian has issued an advisory and updates. Please see the referenced advisory for more information.
|
|
References:
|
|
Subscribe to this comment's feed
Show/Hide comments
Show/Hide comment form