Vigil@nce: Xfig, file corruptions
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can use symbolic links in order to force file
corruptions with rights of users of Xfig.
Severity: 1/4
Consequences: data creation/edition
Provenance: user shell
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 01/04/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Xfig program is used to draw.
It uses several temporary files in an insecure manner:
– xfig-eps$$ in f_readeps.c
– xfig-pic$$.pix in f_readeps.c
– xfig-pic$$.err in f_readeps.c
– xfig-pcx$$.pix in f_readgif.c
– xfig-pcx$$.pix in f_readppm.c
– xfig-pcx$$.pix in f_readtif.c
– xfig-xfigrc$$ in f_util.c
– xfig$$ in main.c
– xfig-print$$ in u_print.c
– xfig-export$$.err in u_print.c
– xfig-exp$$ in w_print.c
– xfig-spell.$$ in w_srchrepl.c
A local attacker can use symbolic links in order to force file
corruptions with rights of users of Xfig.
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8588
http://vigilance.fr/vulnerability/Xfig-file-corruptions-8588