Symlink Vulnerability in GNOME Rhythmbox Affecting Local Users
CVE-2012-3355

Currently unrated

Key Information:

Vendor: Gnome
Status: Rhythmbox
Vendor: CVE Published:; 17 July 2012

What is CVE-2012-3355?

Insecure handling of temporary HTML template files in the Context module of GNOME Rhythmbox allows local users to exploit symlink attacks. By manipulating files in the /tmp/context directory, attackers can execute arbitrary code when the affected tabs, including Album, Artist, Links, and Lyrics, are accessed. This vulnerability poses risks to system integrity, enabling unauthorized operations within the user environment.

References

https://bugzilla.gnome.org/show_bug.cgi?id=678661

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2012/06/25/5

mailing-listx_refsource_MLIST

https://hermes.opensuse.org/messages/15351848

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2012
Vulnerability Reserved
Jun 14, 2012

Gnome

What is CVE-2012-3355?

References

Timeline