Cadsoft Video Disk Recorder Insecure Temporary File Creation Vulnerability
BID:30966
Info
Cadsoft Video Disk Recorder Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 30966 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 24 2008 12:00AM |
| Updated: | Sep 03 2008 02:14PM |
| Credit: | Dmitry E. Oboukhov |
| Vulnerable: |
Cadsoft Video Disk Recorder 1.6 |
| Not Vulnerable: | |
Discussion
Cadsoft Video Disk Recorder Insecure Temporary File Creation Vulnerability
Cadsoft Video Disk Recorder creates temporary files in an insecure manner.
An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
Cadsoft Video Disk Recorder 1.6.0 is vulnerable; other versions may also be affected.
Cadsoft Video Disk Recorder creates temporary files in an insecure manner.
An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
Cadsoft Video Disk Recorder 1.6.0 is vulnerable; other versions may also be affected.
Exploit / POC
Cadsoft Video Disk Recorder Insecure Temporary File Creation Vulnerability
An attacker uses readily available commands to exploit this issue.
An attacker uses readily available commands to exploit this issue.
Solution / Fix
Cadsoft Video Disk Recorder Insecure Temporary File Creation Vulnerability
Solution:
Debian has released a fix. Please see the references for more information.
Solution:
Debian has released a fix. Please see the references for more information.
References
Cadsoft Video Disk Recorder Insecure Temporary File Creation Vulnerability
References:
References:
- Cadsoft Video Disk Recorder Homepage (Cadsoft)
- Debian Bug report logs - #496421 (Debian)