CVE-2017-8934

Source
Severity Medium
Remote No
Type Access restriction bypass
Description
The socket placed in /tmp by pcmanfm is predictable and public-writable. Therefore if one user placed a symlink to another socket instead of socket for another user then said another user will either be unable to use pcmanfm, or may send requests to the first user's pcmanfm.
Group Package Affected Fixed Severity Status Ticket
AVG-274 pcmanfm 1.2.5-1 1.2.5-2 Medium Fixed
Date Advisory Group Package Severity Description
22 Jun 2017 ASA-201706-26 AVG-274 pcmanfm Medium denial of service
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862571
https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08