First published: Mon Oct 04 2010(Updated: )
Spice-xpi uses predictable name for usbrdrctl log file which a malicious user could use to overwrite arbitrary files via a symlink attack, with the privileges of the user running spice-xpi.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Spice-xpi | =2.2 | |
Redhat Spice-xpi | =2.3 | |
Redhat Spice-xpi | =2.4 | |
Mozilla Firefox |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.