GPicView Multiple Local Security Vulnerabilities
BID:30819
Info
GPicView Multiple Local Security Vulnerabilities
| Bugtraq ID: | 30819 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 25 2008 12:00AM |
| Updated: | Aug 28 2008 11:14PM |
| Credit: | Jeremy C. Reed |
| Vulnerable: |
GPicView GPicView 0.1.9 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
GPicView Multiple Local Security Vulnerabilities
GPicView is affected by multiple local security vulnerabilities:
- The software creates temporary files in an insecure manner.
- The software contains two vulnerabilities that may allow attackers to overwrite arbitrary files.
These issues stem from a design error that permits files to be saved without user verification.
An attacker may leverage these issues to overwrite arbitrary files with the privileges of the user running the application.
GPicView 0.1.9 is vulnerable; other versions may also be affected.
GPicView is affected by multiple local security vulnerabilities:
- The software creates temporary files in an insecure manner.
- The software contains two vulnerabilities that may allow attackers to overwrite arbitrary files.
These issues stem from a design error that permits files to be saved without user verification.
An attacker may leverage these issues to overwrite arbitrary files with the privileges of the user running the application.
GPicView 0.1.9 is vulnerable; other versions may also be affected.
Exploit / POC
GPicView Multiple Local Security Vulnerabilities
To exploit these issues, an attacker requires local, interactive access to a vulnerable computer and can use readily available commands.
To exploit these issues, an attacker requires local, interactive access to a vulnerable computer and can use readily available commands.
Solution / Fix
GPicView Multiple Local Security Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
GPicView Multiple Local Security Vulnerabilities
References:
References:
- #495968 [gpicview] security RC bugs (Debian)
- [ 2019481 ] gpicview unsafe /tmp usage (Jeremy C. Reed)
- [ 2019485 ] gpicview ask_before_save is ignored with LIBJPEG You may monitor thi (Jeremy C. Reed)
- [ 2019492 ] gpicview ask_before_save is ignored if auto_save_rotated (Jeremy C. Reed)
- GPicView Homepage (GPicView)