The security issues are caused due to Blender handling temporary files in
an insecure manner (e.g. creating "/tmp/quit.blend" when quitting Blender,
using easy to guess file names and insecure file permissions to store
temporary render frames, and insecure file permission when auto saving
files). This can be exploited to e.g. conduct symlink attacks and overwrite
arbitrary files with the permissions of the user running Blender or
disclose potentially sensitive information.
Besides the two issue already described in the comment #1, there is the third
issue covered by this CVE id:
Secunia assigned CVE id CVE-2008-1103 to the Multiple Temporary File Security
Issues and the description is now available here:
http:// secunia. com/advisories/ 29842/
[ ... ]
The security issues are caused due to Blender handling temporary files in
an insecure manner (e.g. creating "/tmp/quit.blend" when quitting Blender,
using easy to guess file names and insecure file permissions to store
temporary render frames, and insecure file permission when auto saving
files). This can be exploited to e.g. conduct symlink attacks and overwrite
arbitrary files with the permissions of the user running Blender or
disclose potentially sensitive information.
Besides the two issue already described in the comment #1, there is the third
issue covered by this CVE id:
- insecure file permission for auto saved files