CVE-2010-5105

Published: Apr 27, 2014

Modified: Aug 7, 2024

PUBLISHED

Description

The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20120907 Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103)

mailing-list

x_refsource_MLIST

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621

x_refsource_MISC

[oss-security] 20120906 CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103)

mailing-list

x_refsource_MLIST

https://developer.blender.org/T22509

x_refsource_MISC

openSUSE-SU-2013:0302

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2010-5105

Description

Affected Products

References