GNU Gnash Cookie Files Local Information Disclosure Vulnerability
BID:50747
Info
| Bugtraq ID: | 50747 |
| Class: | Unknown |
| CVE: | CVE-2011-4328 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 21 2011 12:00AM |
| Updated: | Apr 13 2015 09:49PM |
| Credit: | Alexander Kurtz |
| Vulnerable: | GNU Gnash 0.8.9; GNU Gnash 0.8.8; GNU Gnash 0.7.2; Gentoo Linux; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64 |
| Not Vulnerable: | |
Discussion
GNU Gnash is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to disclose user session information. Information obtained may lead to further attacks.
GNU Gnash 0.8.9 is vulnerable; other versions may also be affected.
Exploit / POC
Local attackers can use standard tools to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- gnash creates world-readable cookies under /tmp with predictable filenames (Alexander Kurtz)
- Gnash Homepage (GNU)
- Bug 755518 - (CVE-2011-4328) CVE-2011-4328 gnash: Unsafe management of HTTP cook (Jan Lieskovsky)