Secunia Security Advisory - Jonas Thambert has reported a security issue in SimpleCDR-X, which can be exploited by malicious, local users to gain access to sensitive information.
d279e430ed3f025cc7d535acaeff864c28e8035cd539ebda70c44da025d53735
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
https://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
SimpleCDR-X Insecure Temporary Image File Creation
SECUNIA ADVISORY ID:
SA16835
VERIFY ADVISORY:
https://secunia.com/advisories/16835/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
Local system
SOFTWARE:
SimpleCDR-X 1.x
https://secunia.com/product/5710/
DESCRIPTION:
Jonas Thambert has reported a security issue in SimpleCDR-X, which
can be exploited by malicious, local users to gain access to
sensitive information.
The security issue is caused due to the application creating a
temporary copy of the ISO image with insecure file permissions in
"/tmp/.temp". This may allow malicious users to gain access to the
contents of the image when it is being written to the CD.
Successful exploitation requires that the user has not changed the
default configuration of the temporary directory.
The security issue has been reported in version 1.3.3. Prior versions
may also be affected.
SOLUTION:
Configure the user's home directory or a more secure location as the
temporary directory.
PROVIDED AND/OR DISCOVERED BY:
Jonas Thambert
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
https://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
https://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed