Synaesthesia Insecure File Creation Vulnerability

An insecure file creation vulnerability exists in Synaesthesia. This issue arises due to the creation of a configuration file by the process while running with root privileges.

A local attacker could exploit this issue by creating a symbolic link with the name of the insecurely created file pointing to a target system file. Upon execution, the Synaesthesia software will then write to the configuration file symbolic link, potentially destroying sensitive data, which could result in denial of service.


 

Privacy Statement
Copyright 2010, SecurityFocus