Computer Security

feh multiple security vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



feh multiple security vulnerabilities
Published:16.10.2011
Source:BUGTRAQ
SecurityVulns ID:11978
Type:local
Level:4/10
Description:Different vulnerabilities in graphics format parsing.
Affected:FEH : feh 1.12
CVE:CVE-2011-1031 (The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.)
 CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.)
 CVE-2010-2246 (feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.)
Original documentdocumentGENTOO, [ GLSA 201110-08 ] feh: Multiple vulnerabilities (16.10.2011)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru