SQLite3 -- Tempdir Selection Vulnerability

ID 546DEEEA-3FC6-11E6-A671-60A44CE6887B
Type freebsd
Reporter FreeBSD
Modified 2016-07-01T00:00:00


KoreLogic security reports:

Affected versions of SQLite reject potential tempdir locations if they are not readable, falling back to '.'. Thus, SQLite will favor e.g. using cwd for tempfiles on such a system, even if cwd is an unsafe location. Notably, SQLite also checks the permissions of '.', but ignores the results of that check.