The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability bulletin CVE-2009-1962

Xfig: file corruptions

Synthesis of the vulnerability

A local attacker can use symbolic links in order to force file corruptions with rights of users of Xfig.
Vulnerable systems: Mandriva Linux, Unix (platform) ~ not comprehensive.
Severity of this threat: 1/4.
Consequences of an attack: data creation/edition.
Pirate's origin: user shell.
Creation date: 01/04/2009.
Références of this weakness: BID-34328, CVE-2009-1962, MDVSA-2009:244, MDVSA-2009:244-1, VIGILANCE-VUL-8588.

Description of the vulnerability

The Xfig program is used to draw.

It uses several temporary files in an insecure manner:
 - xfig-eps$$ in f_readeps.c
 - xfig-pic$$.pix in f_readeps.c
 - xfig-pic$$.err in f_readeps.c
 - xfig-pcx$$.pix in f_readgif.c
 - xfig-pcx$$.pix in f_readppm.c
 - xfig-pcx$$.pix in f_readtif.c
 - xfig-xfigrc$$ in f_util.c
 - xfig$$ in main.c
 - xfig-print$$ in u_print.c
 - xfig-export$$.err in u_print.c
 - xfig-exp$$ in w_print.c
 - xfig-spell.$$ in w_srchrepl.c

A local attacker can use symbolic links in order to force file corruptions with rights of users of Xfig.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides application vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.