GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
References
Link | Resource |
---|---|
http://www.gnu.org/software/gnump3d/ChangeLog | Patch |
http://www.gnu.org/software/gnump3d/attacks.html#temporary-files | |
http://www.debian.org/security/2005/dsa-901 | Patch |
http://secunia.com/advisories/17647 | Patch Vendor Advisory |
http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml | Patch |
http://secunia.com/advisories/17646 | Patch Vendor Advisory |
http://secunia.com/advisories/17656 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/15497 | Patch |
http://www.novell.com/linux/security/advisories/2005_28_sr.html | Patch Vendor Advisory |
http://www.vupen.com/english/advisories/2005/2489 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2005-11-18 14:03
Updated : 2011-10-17 21:00
NVD link : CVE-2005-3349
Mitre link : CVE-2005-3349
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
gnu
- gnump3d