First published: Fri Jan 14 2011(Updated: )
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Gnash | =0.8.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2010-4337 is classified as a moderate severity vulnerability due to its potential for local file overwriting via a symlink attack.
To fix CVE-2010-4337, users should update to a patched version of gnash that addresses this symlink vulnerability.
CVE-2010-4337 specifically affects gnash version 0.8.8.
No, CVE-2010-4337 requires local access to exploit the symlink vulnerability.
CVE-2010-4337 involves symlink attacks on the temporary files /tmp/gnash-configure-errors.$$, /tmp/gnash-configure-warnings.$$, and /tmp/gnash-configure-recommended.$$.