CVE-2010-5105
Published: 27 April 2014
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
blender Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 20.10 (Groovy Gorilla) |
Needs triage
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needs triage
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Needs triage
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
Notes
| Author | Note |
|---|---|
| sbeattie | according to debian report, 2.49.2~dfsg-1 is not affected should be mitigated by yama tmp hardening |