Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200712-01
HistoryDec 05, 2007 - 12:00 a.m.

Hugin: Insecure temporary file creation

2007-12-0500:00:00
Gentoo Foundation
security.gentoo.org
8

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Background

Hugin is a GUI for creating and processing panoramic images.

Description

Suse Linux reported that Hugin creates the “hugin_debug_optim_results.txt” temporary file in an insecure manner.

Impact

A local attacker could exploit this vulnerability with a symlink attack, potentially overwriting an arbitrary file with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All Hugin users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/hugin-0.6.1-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/hugin< 0.7_beta4-r1UNKNOWN

Related

fedora 2
nessus 4
openvas 3
securityvulns 2
prion 1
ubuntucve 1
debiancve 1
cve 1
fedora
fedora
[SECURITY] Fedora 7 Update: hugin-0.6.1-11.fc7
2007-11-09 23:38:53
[SECURITY] Fedora 8 Update: hugin-0.6.1-11.fc8
2007-11-06 16:06:33
nessus
nessus
GLSA-200712-01 : Hugin: Insecure temporary file creation
2007-12-07 00:00:00
Fedora 7 : hugin-0.6.1-11.fc7 (2007-2989)
2007-11-12 00:00:00
Fedora 8 : hugin-0.6.1-11.fc8 (2007-2807)
2007-11-07 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200712-01 (hugin)
2008-09-24 00:00:00
Fedora Update for hugin FEDORA-2007-2989
2009-02-27 00:00:00
Fedora Update for hugin FEDORA-2007-2807
2009-02-27 00:00:00
securityvulns
securityvulns
Hugin symbolic links vulnerability
2007-12-06 00:00:00
[ GLSA 200712-01 ] Hugin: Insecure temporary file creation
2007-12-06 00:00:00
prion
prion
Design/Logic Flaw
2007-10-14 18:17:00
ubuntucve
ubuntucve
CVE-2007-5200
2007-10-14 00:00:00
debiancve
debiancve
CVE-2007-5200
2007-10-14 18:17:00
cve
cve
CVE-2007-5200
2007-10-14 18:17:00

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for GLSA-200712-01
fedora2nessus4openvas3securityvulns2prion1ubuntucve1debiancve1cve1