10 matches found
Design/Logic Flaw
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103...
UBUNTU-CVE-2010-5105
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103...
Fedora Update for blender FEDORA-2012-13665
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for blender FEDORA-2012-13639
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 18 : blender-2.63a-8.fc18 (2012-13523)
Fix insucury file usage reported as CVE-2008-1103 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 16 : blender-2.59-7.fc16 (2012-13665)
Fix insecure use of creating temporary file. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Mandriva Linux Security Advisory : blender (MDVSA-2008:204)
Stefan Cornelius of Secunia Research reported a boundary error when Blender processed RGBE images which could be used to execute arbitrary code with the privileges of the user running Blender if a specially crafted .hdr or .blend file were openedCVE-2008-1102. As well, multiple vulnerabilities...
Fedora Update for blender FEDORA-2008-3875
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for blender FEDORA-2008-3862
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2008-1103
The CVE-2008-1103 entry concerns Blender's undo save quit routine. Affected software: Blender 2.5, 2.63a, and earlier. Root cause: a symlink attack on the quit.blend temporary file enables a local attacker to overwrite arbitrary files. Impact: ambiguity in the description, but the documented effe...