---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: SimpleCDR-X Insecure Temporary Image File Creation SECUNIA ADVISORY ID: SA16835 VERIFY ADVISORY: http://secunia.com/advisories/16835/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system SOFTWARE: SimpleCDR-X 1.x http://secunia.com/product/5710/ DESCRIPTION: Jonas Thambert has reported a security issue in SimpleCDR-X, which can be exploited by malicious, local users to gain access to sensitive information. The security issue is caused due to the application creating a temporary copy of the ISO image with insecure file permissions in "/tmp/.temp". This may allow malicious users to gain access to the contents of the image when it is being written to the CD. Successful exploitation requires that the user has not changed the default configuration of the temporary directory. The security issue has been reported in version 1.3.3. Prior versions may also be affected. SOLUTION: Configure the user's home directory or a more secure location as the temporary directory. PROVIDED AND/OR DISCOVERED BY: Jonas Thambert ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------