DSA-1526 xwine -- several vulnerabilitiesID: oval:org.mitre.oval:def:7999 | Date: (C)2009-12-15 (M)2021-09-11 |
Class: PATCH | Family: unix |
Steve Kemp from the Debian Security Audit project discovered several local vulnerabilities in xwine, a graphical user interface for the WINE emulator. The Common Vulnerabilities and Exposures project identifies the following problems: The xwine command makes unsafe use of local temporary files when printing. This could allow the removal of arbitrary files belonging to users who invoke the program. The xwine command changes the permissions of the global WINE configuration file such that it is world-writable. This could allow local users to edit it such that arbitrary commands could be executed whenever any local user executed a program under WINE.