Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GNOME ‘register_application’函数安全漏洞
Vulnerability Description
GNOME 是Helix Code公司开发的用于Unix/Linux的桌面环境,它含有一个组件updater,自动下载其他组件的新版本并安装之。 GNOME at-spi2-atk 2.5.2版本中的atk-adaptor/bridge.c中的‘register_application’函数中存在漏洞,该漏洞源于未提供随机数生成器并生成可预测的临时文件名。本地攻击者可利用该漏洞通过在/tmp/at-spi2下的临时套接字文件的符号链接攻击,创建或截取文件。
CVSS Information
N/A
Vulnerability Type
N/A