Vulnerability Description
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blender | Blender | <= 2.63a |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00047.html
- http://www.openwall.com/lists/oss-security/2012/09/06/3
- http://www.openwall.com/lists/oss-security/2012/09/07/13
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621
- https://developer.blender.org/T22509
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00047.html
- http://www.openwall.com/lists/oss-security/2012/09/06/3
- http://www.openwall.com/lists/oss-security/2012/09/07/13
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621
- https://developer.blender.org/T22509
FAQ
What is CVE-2010-5105?
CVE-2010-5105 is a vulnerability with a CVSS score of 3.3 (LOW). The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue mig...
How severe is CVE-2010-5105?
CVE-2010-5105 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-5105?
Check the references section above for vendor advisories and patch information. Affected products include: Blender Blender.