Wine Unsafe Temporary Files Disclose Registry Contents to Local Users
|
|
SecurityTracker Alert ID: 1013428 |
|
SecurityTracker URL: http://securitytracker.com/id/1013428
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Mar 14 2005
|
Impact:
Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 20050211 and previous versions
|
Description:
A vulnerability was reported in Wine. A local user may be able to access the registry.
Wine creates temporary files in an unsafe manner. When a Win32-based application is launched by Wine, a copy of the registry is made in the '/tmp' directory. The file is created with globally readable permissions.
A local user can view the file to obtain the registry contents.
The filename is of the format 'regxxxxxxyyyy.tmp' [where the 'x' values are the process ID in haxadecimal representation and the 'y' values are an integer value that is often equal to zero].
Giovanni Delvecchio of Zone-h reported this vulnerability.
|
Impact:
A local user may be able to access the registry for a target user.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: winehq.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
