Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 3.3
CVE Id: CVE-2012-3378
Last Modified: 05 Sep 2012 12:00:00
Published: 31 Aug 2012 02:55:02
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3378

Summary

The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.

Vulnerable Systems

Application

  • Gnome At-spi2-atk 2.5.2


References

CONFIRM - https://bugzilla.gnome.org/show_bug.cgi?id=678348

MLIST - [oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi

MLIST - [oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678026


Last Updated: 27 May 2016 11:00:26