FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
48a59c96-9c6e-11d9-a040-000a95bc6fae	wine -- information disclosure due to insecure temporary file handling Due to insecure temporary file creation in the Wine Windows emulator, it is possible for any user to read potentially sensitive information from temporary registry files. When a Win32 application is launched by wine, wine makes a dump of the Windows registry in /tmp with name regxxxxyyyy.tmp , where xxxxxx is the pid in hexadecimal value of the current wine process and yyyy is an integer value usually equal to zero. regxxxxyyyy.tmp is created with 0644 (-rw-r--r--) permissions. This could represent a security problem in a multi-user environment. Indeed, any local user could access to windows regstry's dump and get sensitive information, like passwords and other private data. Discovery 2005-03-13 Entry 2005-03-24 wine < 20050310 CVE-2005-0787 http://marc.theaimsgroup.com/?l=bugtraq&m=111082537009842 http://bugs.winehq.org/show_bug.cgi?id=2715 http://www.securitytracker.com/alerts/2005/Mar/1013428.html http://www.zone-h.org/advisories/read/id=7300 http://www.securityfocus.com/bid/12791 http://xforce.iss.net/xforce/xfdb/19697

VuXML ID

Description

48a59c96-9c6e-11d9-a040-000a95bc6fae

wine -- information disclosure due to insecure temporary file handling

Due to insecure temporary file creation in the Wine Windows emulator, it is possible for any user to read potentially sensitive information from temporary registry files.

When a Win32 application is launched by wine, wine makes a dump of the Windows registry in /tmp with name regxxxxyyyy.tmp , where xxxxxx is the pid in hexadecimal value of the current wine process and yyyy is an integer value usually equal to zero.

regxxxxyyyy.tmp is created with 0644 (-rw-r--r--) permissions. This could represent a security problem in a multi-user environment. Indeed, any local user could access to windows regstry's dump and get sensitive information, like passwords and other private data.

Discovery 2005-03-13
Entry 2005-03-24
wine

< 20050310

CVE-2005-0787
http://marc.theaimsgroup.com/?l=bugtraq&m=111082537009842
http://bugs.winehq.org/show_bug.cgi?id=2715
http://www.securitytracker.com/alerts/2005/Mar/1013428.html
http://www.zone-h.org/advisories/read/id=7300
http://www.securityfocus.com/bid/12791
http://xforce.iss.net/xforce/xfdb/19697