3.3
CVSSv2

CVE-2010-4337

Published: 14/01/2011 Updated: 19/06/2012
CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4
VMScore: 294
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
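The pattern named in the summary, shown beside a hardened form. This is an added example, not code from gnash or from the advisory: the function names, the scratch directory that stands in for /tmp, and the victim file are constructed for illustration, and the use of mktemp is an assumption about a suitable fix, not a statement of how gnash was patched.

```shell
#!/bin/sh
# Added example: runs entirely inside a private scratch directory that stands
# in for /tmp. Only the gnash-configure-errors.$$ name comes from the advisory.

# Weak pattern: the name is predictable ($$ is the shell's PID) and a plain
# redirect follows whatever already exists at that path, symlinks included.
write_log_weak() {
    log="$1/gnash-configure-errors.$$"
    echo "configure: error text" > "$log"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the file
# exclusively (O_CREAT|O_EXCL), so an existing file or symlink is never reused.
write_log_safe() {
    log=$(mktemp "$1/gnash-configure-errors.XXXXXX") || return 1
    echo "configure: error text" > "$log"
}

# Runs the given writer against a directory where the predictable path is
# already a symlink to another file. Returns 0 if that file is left unchanged.
demo() {
    writer=$1
    sandbox=$(mktemp -d) || return 2
    victim="$sandbox/victim.txt"          # constructed stand-in for a user's file
    echo "original" > "$victim"
    mkdir "$sandbox/tmp"
    # Constructed precondition: the predictable name already exists as a symlink.
    ln -s "$victim" "$sandbox/tmp/gnash-configure-errors.$$"
    "$writer" "$sandbox/tmp"
    content=$(cat "$victim")
    rm -rf "$sandbox"
    [ "$content" = "original" ]
}

for w in write_log_weak write_log_safe; do
    if demo "$w"; then echo "$w: other file intact"
    else echo "$w: other file overwritten"; fi
done
```

When auditing build scripts for the same flaw, search for redirects into /tmp paths whose only variable part is `$$`.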

Vulnerable Product

gnu gnash 0.8.8

Vendor Advisories

Debian Bug report logs - #605419 CVE-2010-4337 gnash: configure creates temp files insecurely Package: src:gnash; Maintainer for src:gnash is Debian Flash Team <pkg-flash-devel@lists.alioth.debian.org>; Reported by: Jakub Wilk <jwilk@debian.org> Date: Mon, 29 Nov 2010 20:09:01 UTC Severity: normal Tags: security, squ ...
Debian Bug report logs - #664023 [CVE-2012-1175] gnash integer overflow Package: gnash; Maintainer for gnash is Debian Flash Team <pkg-flash-devel@lists.alioth.debian.org>; Source for gnash is src:gnash (PTS, buildd, popcon) Reported by: Luciano Bello <luciano@debian.org> Date: Wed, 14 Mar 2012 22:27:16 UTC Severity ...
Several vulnerabilities have been identified in Gnash, the GNU Flash player. CVE-2012-1175: Tielei Wang from Georgia Tech Information Security Center discovered a vulnerability in GNU Gnash which is caused due to an integer overflow error and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially ...