insecure file access (breezy, dapper, edgy, gutsy, hardy, intrepid)
Bug #6671 reported by
Anton Gyllenberg
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Blender |
Incomplete
|
Undecided
|
Unassigned | ||
blender (Debian) |
Fix Released
|
Unknown
|
|||
blender (Fedora) |
Invalid
|
Low
|
|||
blender (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Reproduced in versions:
2.37a-
2.41-1ubuntu4 (dapper)
2.42a-
2.42a-
2.44-2ubuntu2 (gutsy)
2.45-4ubuntu1 (hardy)
2.46+dfsg-4 (intrepid)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/
CVE References
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in blender: | |
status: | Confirmed → Triaged |
description: | updated |
Changed in blender: | |
status: | Unknown → Fix Committed |
Changed in blender: | |
status: | Unknown → Fix Released |
Changed in blender (Fedora): | |
importance: | Unknown → Low |
status: | Fix Committed → Invalid |
To post a comment you must log in.
# Automatically generated email from bts, devscripts version 2.8.10
tags 298167 patch