xSANE Insecure Temporary File Creation Vulnerability

xSANE is a graphical program used to communicate with scanners and digital video devices. It uses the SANE library to communicate with physical devices.

xSANE creates temporary files in the /tmp directory which have predictable file names. As a result, it is possible for a local user to create a symbolic link to any file that is write-accessible by the user executing xSANE, and overwrite the contents of the file.

Earlier versions of xSANE may also be vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus