hugin Insecure Temporary File Creation Vulnerability

The 'hugin' program is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects hugin 0.6.1 and 0.7_beta4; other versions may also be vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus