| Severity |
|
| Remote |
|
| Type |
| + |
Access restriction bypass |
|
| Description |
| + |
The socket placed in /tmp by pcmanfm is predictable and public-writable. Therefore if one user placed a symlink to another socket instead of socket for another user then said another user will either be unable to use pcmanfm, or may send requests to the first user's pcmanfm. |
|
| References |
| + |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862571 |
| + |
https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08 |
|
| Notes |
|