Red Hat Bugzilla – Bug 669851
CVE-2010-4337 gnash: symlink attack via configure script
Last modified: 2015-08-19 16:46:34 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4337 to
the following vulnerability:
Reference: MISC: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605419
Reference: URL: http://www.securityfocus.com/bid/45102
Reference: URL: http://www.osvdb.org/69533
Reference: URL: http://secunia.com/advisories/42416
The configure script in gnash 0.8.8 allows local users to overwrite
arbitrary files via a symlink attack on the (1)
/tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$,
or (3) /tmp/gnash-configure-recommended.$$ files.
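
The unsafe pattern named in the CVE description beside a hardened form, as an added example that is not part of the bug report or of gnash's configure script. The function names, the `gnash-configure.XXXXXX` template and the scratch-directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): everything runs in a private scratch directory.

# Unsafe pattern from the CVE text: predictable name built from the PID ($$),
# opened with ">" which follows a link that already exists at that path.
unsafe_log() {    # $1 = shared temp dir, $2 = message
    echo "$2" > "$1/gnash-configure-errors.$$"
}

# Hardened pattern: mktemp -d atomically creates a new directory with an
# unpredictable name and mode 0700, so no other user can plant links in it.
safe_logdir() {   # $1 = shared temp dir; prints the private directory
    mktemp -d "$1/gnash-configure.XXXXXX"
}
safe_log() {      # $1 = directory from safe_logdir, $2 = message
    echo "$2" >> "$1/errors"
}

# Regression check: does a log write go through a link that was already
# present at the predictable name? Results are left in shell variables.
demo() {
    sandbox=$(mktemp -d) || return 1
    echo "important data" > "$sandbox/victim"
    # Constructed precondition: a link sits at the name the script will use.
    ln -s "$sandbox/victim" "$sandbox/gnash-configure-errors.$$"

    unsafe_log "$sandbox" "configure error text"
    after_unsafe=$(cat "$sandbox/victim")      # victim content was replaced

    echo "important data" > "$sandbox/victim"  # reset for the second run
    dir=$(safe_logdir "$sandbox") || return 1
    safe_log "$dir" "configure error text"
    after_safe=$(cat "$sandbox/victim")        # victim content is untouched
    dir_mode=$(ls -ld "$dir" | cut -c1-10)     # permissions of the log dir

    rm -rf "$sandbox"
}

demo && printf 'unsafe: %s\nsafe:   %s\nmode:   %s\n' \
    "$after_unsafe" "$after_safe" "$dir_mode"
```
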
Created gnash tracking bugs for this issue
Affects: fedora-all [bug 669852]
This doesn't affect our binary packages at all, does it? Only the SRPMs are affected, when people rebuild them in a live system or an insecure chroot.
That's exactly right. So I wouldn't go out of the way to fix this, but would fix the next time gnash is built. Thanks.