oss-sec mailing list archives
CVE request: rocksndiamonds world-writable working/config directory
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 12 Dec 2011 09:24:56 -0700
rocksndiamonds creates its ~/.rocksndiamonds/ directory as world-writable. This could allow a local attacker to replace a cache file with a symbolic link to a file they would not otherwise have access to, and the next time the victim loaded the game, it would be overwritten. Could a CVE be assigned to this please? References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651620 https://bugzilla.redhat.com/show_bug.cgi?id=766805 --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: rocksndiamonds world-writable working/config directory Vincent Danen (Dec 12)
- Re: CVE request: rocksndiamonds world-writable working/config directory Kurt Seifried (Dec 12)