PT-2012-4673 · Gnome · Gnome At-Spi2-Atk
Jordi Mallach · Published 2012-08-31 · Updated 2012-09-05 · CVE-2012-3378
CVSS v2.0: 3.3 (Low)
| Vector | AV:L/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GNOME at-spi2-atk version 2.5.2
Description
The issue concerns the register_application function in atk-adaptor/bridge.c, which does not properly seed the random number generator. As a result, the temporary file names it generates are predictable. A local user can exploit this to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.
Recommendations
For GNOME at-spi2-atk version 2.5.2, consider restricting access to the register_application function until a patch is available. As a temporary workaround, avoid using the atk-adaptor/bridge.c module to minimize the risk of exploitation.
Fix
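The weakness described above, shown beside a hardened pattern; this is an added example, not the upstream patch and not code from atk-adaptor/bridge.c. The function names, the file name layout and the `/tmp/at-spi2-example-` prefix are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* expose mkdtemp() under strict -std modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: rand() with no srand() call behaves as if srand(1) had been
 * called, so every process derives the same suffix. srand(1) here models that
 * fresh-process state. The name layout is constructed for illustration. */
static void weak_socket_name(char *buf, size_t len)
{
    srand(1);
    snprintf(buf, len, "/tmp/at-spi2/socket-%d-%d", (int)getpid(), rand());
}

/* Hardened pattern: mkdtemp() picks an unpredictable name and creates the
 * directory atomically with mode 0700; it never reuses an existing entry,
 * so a pre-planted symlink is not followed. The socket then lives inside
 * a directory that only its owner can write to. */
static int private_socket_path(char *dir, size_t dlen, char *path, size_t plen)
{
    char tmpl[] = "/tmp/at-spi2-example-XXXXXX";   /* hypothetical prefix */

    if (mkdtemp(tmpl) == NULL)
        return -1;
    if (snprintf(dir, dlen, "%s", tmpl) >= (int)dlen ||
        snprintf(path, plen, "%s/socket", tmpl) >= (int)plen) {
        rmdir(tmpl);
        return -1;
    }
    return 0;
}

int main(void)
{
    char a[128], b[128], dir[64], path[128];

    weak_socket_name(a, sizeof a);
    weak_socket_name(b, sizeof b);
    printf("weak: %s\nweak: %s (identical: %s)\n", a, b,
           strcmp(a, b) == 0 ? "yes" : "no");
    if (private_socket_path(dir, sizeof dir, path, sizeof path) == 0) {
        printf("hardened: %s\n", path);
        rmdir(dir);              /* clean up the demo directory */
    }
    return 0;
}
```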
Weakness Enumeration
Related identifiers
Affected products
Gnome At-Spi2-Atk