diff options
author | Jacques Vidrine <nectar@FreeBSD.org> | 2005-03-24 14:15:05 +0000 |
---|---|---|
committer | Jacques Vidrine <nectar@FreeBSD.org> | 2005-03-24 14:15:05 +0000 |
commit | 8fdf391a727f2c362181a50da361fb90c2fedf1c (patch) | |
tree | b54e26cbf38dd88140b6f68c14a538c337f72778 | |
parent | Document the most serious of the recently disclosed (diff) |
Document Wine information disclosure.
Based on an entry that was
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
Approved by: portmgr (blanket, VuXML)
Diffstat (limited to '')
-rw-r--r-- | security/vuxml/vuln.xml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d5672b522163..3334d190cc59 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,49 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="48a59c96-9c6e-11d9-a040-000a95bc6fae"> + <topic>wine -- information disclosure due to insecure temporary + file handling</topic> + <affects> + <package> + <name>wine</name> + <range><lt>20050310</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Due to insecure temporary file creation in the Wine Windows + emulator, it is possible for any user to read potentially + sensitive information from temporary registry files.</p> + <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=111082537009842"> + <p>When a Win32 application is launched by wine, wine makes + a dump of the Windows registry in /tmp with name + regxxxxyyyy.tmp , where xxxxxx is the pid in hexadecimal + value of the current wine process and yyyy is an integer + value usually equal to zero.</p> + <p>regxxxxyyyy.tmp is created with 0644 (-rw-r--r--) + permissions. This could represent a security problem in a + multi-user environment. Indeed, any local user could + access to windows regstry's dump and get sensitive + information, like passwords and other private data.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2005-0787</cvename> + <mlist msgid="20050314135701.30231.qmail@www.securityfocus.com">http://marc.theaimsgroup.com/?l=bugtraq&m=111082537009842</mlist> + <url>http://bugs.winehq.org/show_bug.cgi?id=2715</url> + <url>http://www.securitytracker.com/alerts/2005/Mar/1013428.html</url> + <url>http://www.zone-h.org/advisories/read/id=7300</url> + <url>http://www.securityfocus.com/bid/12791</url> + <url>http://xforce.iss.net/xforce/xfdb/19697</url> + </references> + <dates> + <discovery>2005-03-13</discovery> + <entry>2005-03-24</entry> + </dates> + </vuln> + <vuln vid="741f8841-9c6b-11d9-9dbe-000a95bc6fae"> <topic>firefox -- arbitrary code execution from sidebar panel</topic> <affects> |