2006-01-11 15:43:44 |
Anton Gyllenberg |
bug |
|
|
added bug |
2006-08-23 10:18:20 |
Anton Gyllenberg |
bug |
|
|
assigned to blender (Ubuntu) |
2006-09-01 10:58:11 |
Anton Gyllenberg |
description |
Version: 2.37a-1ubuntu1.1
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then pressing 'a' (for animation?) writes to the file /tmp/0000.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0000.jpg
|
Reproduced in versions:
2.37a-1ubuntu1.1 (breezy?)
2.41-1ubuntu4 (dapper)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0001.jpg
|
|
2006-09-01 10:58:11 |
Anton Gyllenberg |
title |
insecure file access |
insecure file access (breezy, dapper) |
|
2007-04-03 08:25:43 |
Anton Gyllenberg |
description |
Reproduced in versions:
2.37a-1ubuntu1.1 (breezy?)
2.41-1ubuntu4 (dapper)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0001.jpg
|
Reproduced in versions:
2.37a-1ubuntu1.1 (breezy?)
2.41-1ubuntu4 (dapper)
2.42a-1ubuntu1.1 (edgy)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0001.jpg
|
|
2007-04-03 08:25:43 |
Anton Gyllenberg |
title |
insecure file access (breezy, dapper) |
insecure file access (breezy, dapper, edgy) |
|
2007-09-04 19:08:58 |
Vincent Legout |
blender: importance |
Undecided |
Medium |
|
2007-09-04 19:08:58 |
Vincent Legout |
blender: status |
New |
Incomplete |
|
2007-10-19 07:38:05 |
Anton Gyllenberg |
description |
Reproduced in versions:
2.37a-1ubuntu1.1 (breezy?)
2.41-1ubuntu4 (dapper)
2.42a-1ubuntu1.1 (edgy)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0001.jpg
|
Reproduced in versions:
2.37a-1ubuntu1.1 (breezy?)
2.41-1ubuntu4 (dapper)
2.42a-1ubuntu1.1 (edgy)
2.44-2ubuntu2 (gutsy)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0001.jpg
|
|
2007-10-19 07:39:11 |
Anton Gyllenberg |
title |
insecure file access (breezy, dapper, edgy) |
insecure file access (breezy, dapper, edgy, gutsy) |
|
2008-03-28 21:21:15 |
Daniel Hahler |
blender: importance |
Medium |
High |
|
2008-03-28 21:21:15 |
Daniel Hahler |
blender: status |
Incomplete |
Triaged |
|
2008-04-09 19:35:15 |
Kees Cook |
bug |
|
|
added subscriber Ubuntu Security Team |
2008-04-25 13:38:20 |
Anton Gyllenberg |
description |
Reproduced in versions:
2.37a-1ubuntu1.1 (breezy?)
2.41-1ubuntu4 (dapper)
2.42a-1ubuntu1.1 (edgy)
2.44-2ubuntu2 (gutsy)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0001.jpg
|
Reproduced in versions:
2.37a-1ubuntu1.1 (breezy?)
2.41-1ubuntu4 (dapper)
2.42a-linux-glibc232-py24-i386-static (blender.org binary)
2.42a-1ubuntu1.1 (edgy)
2.44-2ubuntu2 (gutsy)
2.45-4ubuntu1 (feisty)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0001.jpg
|
|
2008-04-25 13:38:20 |
Anton Gyllenberg |
title |
insecure file access (breezy, dapper, edgy, gutsy) |
insecure file access (breezy, dapper, edgy, gutsy, feisty) |
|
2008-04-25 13:40:09 |
Anton Gyllenberg |
description |
Reproduced in versions:
2.37a-1ubuntu1.1 (breezy?)
2.41-1ubuntu4 (dapper)
2.42a-linux-glibc232-py24-i386-static (blender.org binary)
2.42a-1ubuntu1.1 (edgy)
2.44-2ubuntu2 (gutsy)
2.45-4ubuntu1 (feisty)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0001.jpg
|
Reproduced in versions:
2.37a-1ubuntu1.1 (breezy?)
2.41-1ubuntu4 (dapper)
2.42a-linux-glibc232-py24-i386-static (blender.org binary)
2.42a-1ubuntu1.1 (edgy)
2.44-2ubuntu2 (gutsy)
2.45-4ubuntu1 (hardy)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0001.jpg
|
|
2008-04-25 13:40:09 |
Anton Gyllenberg |
title |
insecure file access (breezy, dapper, edgy, gutsy, feisty) |
insecure file access (breezy, dapper, edgy, gutsy, hardy) |
|
2008-04-25 15:48:42 |
Kees Cook |
bug |
|
|
added subscriber MOTU SWAT |
2008-04-25 15:57:40 |
Kees Cook |
blender: status |
Triaged |
Incomplete |
|
2008-04-25 15:57:40 |
Kees Cook |
blender: assignee |
|
keescook |
|
2008-04-30 21:10:11 |
Kees Cook |
blender: importance |
High |
Medium |
|
2008-04-30 21:10:11 |
Kees Cook |
blender: assignee |
keescook |
|
|
2008-04-30 21:10:11 |
Kees Cook |
blender: status |
Incomplete |
Confirmed |
|
2008-05-28 19:21:47 |
Daniel Hahler |
blender: status |
Confirmed |
Triaged |
|
2008-09-14 04:28:51 |
Daniel T Chen |
blender: status |
Triaged |
Incomplete |
|
2008-09-14 04:28:51 |
Daniel T Chen |
blender: statusexplanation |
|
Is this symptom still reproducible in 8.10 alpha? |
|
2008-10-22 11:47:01 |
Anton Gyllenberg |
description |
Reproduced in versions:
2.37a-1ubuntu1.1 (breezy?)
2.41-1ubuntu4 (dapper)
2.42a-linux-glibc232-py24-i386-static (blender.org binary)
2.42a-1ubuntu1.1 (edgy)
2.44-2ubuntu2 (gutsy)
2.45-4ubuntu1 (hardy)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0001.jpg
|
Reproduced in versions:
2.37a-1ubuntu1.1 (breezy?)
2.41-1ubuntu4 (dapper)
2.42a-linux-glibc232-py24-i386-static (blender.org binary)
2.42a-1ubuntu1.1 (edgy)
2.44-2ubuntu2 (gutsy)
2.45-4ubuntu1 (hardy)
2.46+dfsg-4 (intrepid)
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then selecting "Render > Render Animation", writes to the file /tmp/0001.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/thesis.tex /tmp/0001.jpg
|
|
2008-10-22 11:47:01 |
Anton Gyllenberg |
title |
insecure file access (breezy, dapper, edgy, gutsy, hardy) |
insecure file access (breezy, dapper, edgy, gutsy, hardy, intrepid) |
|
2009-01-14 18:44:53 |
Adam Buchbinder |
blender: status |
Incomplete |
Confirmed |
|
2009-01-14 18:44:53 |
Adam Buchbinder |
blender: statusexplanation |
Is this symptom still reproducible in 8.10 alpha? |
Anton Gyllenberg: nope. Marking Confirmed. |
|
2009-01-21 07:38:23 |
Stefan Lesicnik |
bug |
|
|
assigned to blender (Fedora) |
2009-01-21 07:39:46 |
Bug Watch Updater |
blender: status |
Unknown |
Fix Committed |
|
2009-03-07 22:51:55 |
Festor |
bug |
|
|
assigned to blender (Debian) |
2009-03-10 02:24:17 |
Bug Watch Updater |
blender: status |
Unknown |
Fix Released |
|
2009-04-09 08:44:47 |
Till Ulen |
removed subscriber Alexander Konovalenko |
|
|
|
2009-08-06 23:00:30 |
Chris Coulson |
blender (Ubuntu): status |
Confirmed |
Fix Released |
|
2010-03-24 20:54:31 |
Artur Rona |
removed subscriber MOTU SWAT |
|
|
|
2010-09-14 23:01:41 |
rusivi2 |
blender: status |
New |
Incomplete |
|
2010-09-18 00:30:36 |
rusivi2 |
bug |
|
|
added subscriber rusivi1 |
2010-09-29 10:56:38 |
rusivi2 |
removed subscriber rusivi2 |
|
|
|
2011-10-19 16:12:54 |
Jamie Strandboge |
removed subscriber Ubuntu Security Team |
|
|
|
2017-10-27 12:11:50 |
Bug Watch Updater |
blender (Fedora): status |
Fix Committed |
Invalid |
|
2017-10-27 12:11:50 |
Bug Watch Updater |
blender (Fedora): importance |
Unknown |
Low |
|