Vulnerability Details CVE-2010-5105
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.2%
CVSS Severity
CVSS v2 Score 3.3
References
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00047.html
- http://www.openwall.com/lists/oss-security/2012/09/06/3
- http://www.openwall.com/lists/oss-security/2012/09/07/13
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621
- https://developer.blender.org/T22509
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00047.html
- http://www.openwall.com/lists/oss-security/2012/09/06/3
- http://www.openwall.com/lists/oss-security/2012/09/07/13
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621
- https://developer.blender.org/T22509
Products affected by CVE-2010-5105
-
cpe:2.3:a:blender:blender:2.25
-
cpe:2.3:a:blender:blender:2.26
-
cpe:2.3:a:blender:blender:2.27
-
cpe:2.3:a:blender:blender:2.28
-
cpe:2.3:a:blender:blender:2.30
-
cpe:2.3:a:blender:blender:2.31
-
cpe:2.3:a:blender:blender:2.32
-
cpe:2.3:a:blender:blender:2.33
-
cpe:2.3:a:blender:blender:2.34
-
cpe:2.3:a:blender:blender:2.35
-
cpe:2.3:a:blender:blender:2.36
-
cpe:2.3:a:blender:blender:2.37
-
cpe:2.3:a:blender:blender:2.40
-
cpe:2.3:a:blender:blender:2.41
-
cpe:2.3:a:blender:blender:2.42
-
cpe:2.3:a:blender:blender:2.43
-
cpe:2.3:a:blender:blender:2.44
-
cpe:2.3:a:blender:blender:2.45
-
cpe:2.3:a:blender:blender:2.46
-
cpe:2.3:a:blender:blender:2.47
-
cpe:2.3:a:blender:blender:2.48
-
cpe:2.3:a:blender:blender:2.49
-
cpe:2.3:a:blender:blender:2.50
-
cpe:2.3:a:blender:blender:2.51
-
cpe:2.3:a:blender:blender:2.52
-
cpe:2.3:a:blender:blender:2.53
-
cpe:2.3:a:blender:blender:2.54
-
cpe:2.3:a:blender:blender:2.55
-
cpe:2.3:a:blender:blender:2.56
-
cpe:2.3:a:blender:blender:2.57
-
cpe:2.3:a:blender:blender:2.58
-
cpe:2.3:a:blender:blender:2.59
-
cpe:2.3:a:blender:blender:2.60
-
cpe:2.3:a:blender:blender:2.61
-
cpe:2.3:a:blender:blender:2.63