CVE-2010-4337

Name of the Vulnerable Software and Affected Versions gnash version 0.8.8

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files created by the configure script. Specifically, the attack targets the /tmp/gnash-configure-errors.$$, /tmp/gnash-configure-warnings.$$, or /tmp/gnash-configure-recommended.$$ files.

Recommendations For gnash version 0.8.8, consider restricting access to the configure script to prevent unauthorized modifications, and avoid using the script in environments where local users could exploit this issue. As a temporary workaround, consider monitoring and restricting access to the mentioned temporary files until a patch is available.