Red Hat Bugzilla – Bug 639869
CVE-2011-0012 spice-xpi: symlink attack on usbrdrctl log file
Last modified: 2015-08-19 04:56:54 EDT
Spice-xpi uses predictable name for usbrdrctl log file which a malicious user could use to overwrite arbitrary files via a symlink attack, with the privileges of the user running spice-xpi.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0426 https://rhn.redhat.com/errata/RHSA-2011-0426.html
This bug has been fixed almost a year ago, closing.