Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-4337

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2010-4337
Last Modified 18 Jun 2012 11:35:37
Published 14 Jan 2011 06:00:47
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2010-4337

Summary

The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.

Vulnerable Systems

Application

  • Gnu Gnash 0.8.8


References

BID - 45102

OSVDB - 69533

SECUNIA - 42416

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605419

DEBIAN - DSA-2435

SECUNIA - 48466


Last Updated: 27 May 2016 10:56:31