[Bug 6671] Re: insecure file access (breezy, dapper, edgy)

Anton Gyllenberg Tue, 03 Apr 2007 01:38:50 -0700

** Summary changed:

- insecure file access (breezy, dapper)
+ insecure file access (breezy, dapper, edgy)


** Description changed:

  Reproduced in versions:
      2.37a-1ubuntu1.1 (breezy?)
      2.41-1ubuntu4 (dapper)
+     2.42a-1ubuntu1.1 (edgy)
  
  Blender writes to files in /tmp/ in an insecure fashion. For example,
  launching blender and then selecting "Render > Render Animation", writes
  to the file /tmp/0001.jpg.
  
  This can be exploited by a malicious user to overwrite arbitrary files
  of another user using blender:
  
  [EMAIL PROTECTED] ln -s /home/bob/thesis.tex /tmp/0001.jpg

-- 
insecure file access (breezy, dapper, edgy)
https://bugs.launchpad.net/bugs/6671
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 6671] Re: insecure file access (breezy, dapper, edgy)

Reply via email to