Computer Security
[EN] securityvulns.ru no-pyccku


XWine WINE graphical interface multiple security vulnerabilities
Published:20.03.2008
Source:
SecurityVulns ID:8810
Type:local
Threat Level:
5/10
Description:Symbolic links problem on temporary files creation, weak configuration file permissions.
Affected:XWINE : XWine 1.0
CVE:CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.)
 CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1522-1] New xwine packages fix several vulnerabilities (20.03.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod