blender: privilege escalation
| Package(s): | blender | CVE #(s): | CVE-2010-5105 | ||||
| Created: | February 15, 2013 | Updated: | February 20, 2013 | ||||
| Description: | From the openSUSE bug tracker: An insecure temporary file use flaw was found in the way 'undo save quit' routine of Blender kernel of Blender, a 3D modeling, animation, rendering and post-production software solution, performed management of 'quit.blend' temporary file, used for session recovery purposes. A local attacker could use this flaw to conduct symbolic link attacks, leading to ability to overwrite arbitrary system file, accessible with the privileges of the user running the blender executable. | ||||||
| Alerts: |
| ||||||