CVE-2017-8934 log
Source |
|
Severity | Medium |
Remote | No |
Type | Access restriction bypass |
Description | The socket placed in /tmp by pcmanfm is predictable and public-writable. Therefore if one user placed a symlink to another socket instead of socket for another user then said another user will either be unable to use pcmanfm, or may send requests to the first user's pcmanfm. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-274 | pcmanfm | 1.2.5-1 | 1.2.5-2 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
22 Jun 2017 | ASA-201706-26 | AVG-274 | pcmanfm | Medium | denial of service |
References |
---|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862571 https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08 |