The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Link | Tags |
---|---|
http://www.securityfocus.com/bid/45102 | vdb entry |
http://secunia.com/advisories/42416 | third party advisory vendor advisory |
http://www.debian.org/security/2012/dsa-2435 | vendor advisory |
http://www.osvdb.org/69533 | vdb entry |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605419 | |
http://secunia.com/advisories/48466 | third party advisory |