Weak Permission Management in Gnash Plugin Allows Local Information Exposure
CVE-2011-4328

Currently unrated

Key Information:

Vendor

Gnu
Status
Gnash
Vendor
CVE Published:
16 June 2012

What is CVE-2011-4328?

The Gnash plugin prior to version 0.8.10 possesses a vulnerability where cookie files are created with weak permissions in the /tmp directory, making them world-readable. This allows local users to access certain sensitive information stored in these cookies. The predictable naming convention of the cookie files exacerbates the issue, as it simplifies the process for attackers to exploit this weakness to extract sensitive data from the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2011/11/21/12
mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-updates/2012-03/msg000...
vendor-advisoryx_refsource_SUSE
http://git.savannah.gnu.org/gitweb/?p=gnash.git%3Ba=commi...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.