SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Multimedia)  >   BMV Vendors:   Kybic, Jan
BMV Viewer Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1012847
SecurityTracker URL:  http://securitytracker.com/id/1012847
CVE Reference:   CAN-2003-0014   (Links to External Site)
Date:  Jan 12 2005
Impact:   Modification of system information, Modification of user information, User access via local system

Version(s): 1.2
Description:   A vulnerability was reported in the BMV viewer in the processing of temporary files. A local user may be able to gain elevated privileges.

Debian reported that BMV uses temporary files in an unsafe manner. A local user can create a symbolic link (symlink) from a critical file on the system to a temporary file to be used by BMV. Then, when BMV is run, the symlinked file may be overwritten with the privileges of the target user.

The flaw resides in 'gsinterf.c'.

Peter Samuelson is credited with discovering this flaw.

Impact:   A local user may be able to obtain elevated privileges.
Solution:   No upstream solution was available at the time of this entry.
Cause:   Access control error, State error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 12 2005 (Debian Issues Fix) BMV Viewer Unsafe Temporary Files May Let Local Users Gain Elevated Privileges   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.



 Source Message Contents

Date:  Wed, 12 Jan 2005 00:31:25 -0500
Subject:  [none]


CVE: CAN-2003-0014

Debian reported a vulnerability in the BMV viewer in the processing of temporary files.
A local user may be able to gain elevated privileges.

Peter Samuelson is credited with discovering this flaw.
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC