Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-5105

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2010-5105
Last Modified 31 Oct 2014 02:19:18
Published 27 Apr 2014 04:55:23
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2010-5105

Summary

The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.

Vulnerable Systems

Application

  • Blender 2.63a


References

MISC - https://developer.blender.org/T22509

MISC - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621

MLIST - [oss-security] 20120907 Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103)

MLIST - [oss-security] 20120906 CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103)

SUSE - openSUSE-SU-2013:0302


Last Updated: 27 May 2016 10:55:18