CVE-2010-4337 in gnash
Summary
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Reservation
11/30/2010
Disclosure
01/14/2011
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 56089 | GNU gnash link following | 59 | Not defined | Not defined | CVE-2010-4337 |