Wine Local Insecure File Creation Vulnerability
Info
| Bugtraq ID: | 12791 |
| Class: | Design Error |
| CVE: | CVE-2005-0787 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 14 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Giovanni Delvecchio <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: | Wine Windows API Emulator 20050310, Wine Windows API Emulator 20050305, Wine Windows API Emulator 20050211 |
| Not Vulnerable: | |
Discussion
A local insecure file creation vulnerability affects Wine. The issue is due to a design error: Wine fails to write securely to files in world-accessible directories.
An attacker may leverage this issue by using a symbolic link named after the offending temporary file to write to arbitrary files with an unsuspecting user's privileges. Furthermore, an attacker may gain access to potentially sensitive information contained within the temporary file.
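The file-creation pattern described above, as an added example that is not Wine's code and not part of the original advisory: a predictable-name open that writes through a pre-existing symbolic link, next to an exclusive create that refuses it. The function names and all paths are constructed for the demonstration, which runs entirely inside a private `mkdtemp` directory.

```c
/* Added example, not Wine code. All paths are constructed for the demo. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: fixed name, no O_EXCL. If the name is already a symlink,
 * the kernel follows it and the write lands in the link target. */
static int open_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened pattern: O_CREAT|O_EXCL fails with EEXIST when the name exists,
 * symlinks included (they are not followed); 0600 keeps the data private. */
static int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Returns 1 when the exclusive open refuses a pre-existing symlink and the
 * predictable open writes through it, 0 otherwise, -1 on setup failure. */
int symlink_demo(void)
{
    char dir[] = "/tmp/bid12791-demo-XXXXXX";   /* private scratch dir */
    char target[64], tmpname[64];
    struct stat st;
    int fd, refused, followed;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/user-file", dir);
    snprintf(tmpname, sizeof tmpname, "%s/predictable.tmp", dir);
    if (symlink(target, tmpname) != 0) return -1;

    fd = open_exclusive(tmpname);
    refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);

    fd = open_predictable(tmpname);
    if (fd >= 0) close(fd);
    followed = (stat(target, &st) == 0);   /* link target was created */
    unlink(tmpname); unlink(target); rmdir(dir);
    return refused && followed;
}

int main(void) { printf("demo result: %d\n", symlink_demo()); return 0; }
```

For temporary files whose name does not need to be fixed, `mkstemp` gives the same exclusive-create guarantee with an unpredictable name.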
Exploit / POC
No exploit is required to leverage this issue.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].