Vulnerabilities > CVE-2005-0787 - Local Insecure File Creation vulnerability in Wine 20050211/20050305/20050310
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_48A59C969C6E11D9A040000A95BC6FAE.NASL |
description | Due to insecure temporary file creation in the Wine Windows emulator, it is possible for any user to read potentially sensitive information from temporary registry files. When a Win32 application is launched by wine, wine makes a dump of the Windows registry in /tmp with name regxxxxyyyy.tmp , where xxxxxx is the pid in hexadecimal value of the current wine process and yyyy is an integer value usually equal to zero. regxxxxyyyy.tmp is created with 0644 (-rw-r--r--) permissions. This could represent a security problem in a multi-user environment. Indeed, any local user could access to windows regstry |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18924 |
published | 2005-07-13 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/18924 |
title | FreeBSD : wine -- information disclosure due to insecure temporary file handling (48a59c96-9c6e-11d9-a040-000a95bc6fae) |