Package: babiloo
Version: 2.0.9-1
Severity: grave
Tags: security
Justification: user security hole

babiloo creates temporary files with predictable names, allowing a local attacker to overwrite arbitrary files.

An example scenario:

1. Attacker does `ln -sf /file/to/overwrite /tmp/fra_vie.dct.zip`.
2. Victim runs babiloo, selects Dictionaries > Download Dictionaries, selects the "French-Vietnamese" dictionary, and clicks the icon to download it.

In addition to that, babiloo appears to be affected by CVE-2007-4559.

-- 
Jakub Wilk
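
The following is an added example, not part of the report and not babiloo's own code. It contrasts the predictable-name pattern described above with a `tempfile.mkstemp` replacement, inside a constructed sandbox directory that stands in for `/tmp`. The function names and the sandbox layout are assumptions made for illustration.

```python
import os
import tempfile

DICT_NAME = "fra_vie.dct.zip"  # file name taken from the report

def save_predictable(tmp_dir, data):
    """Pattern from the report: fixed name in a shared directory."""
    path = os.path.join(tmp_dir, DICT_NAME)
    with open(path, "wb") as fh:      # open() follows a pre-existing symlink
        fh.write(data)
    return path

def save_hardened(tmp_dir, data):
    """mkstemp picks a random name and opens with O_CREAT|O_EXCL, mode 0600."""
    fd, path = tempfile.mkstemp(suffix="-" + DICT_NAME, dir=tmp_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def run_demo():
    """Constructed sandbox: 'shared' stands in for /tmp, 'target' for the file at risk."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        shared = os.path.join(sandbox, "shared")
        os.mkdir(shared)
        target = os.path.join(sandbox, "target.txt")
        for label, save in (("predictable", save_predictable),
                            ("hardened", save_hardened)):
            with open(target, "w") as fh:
                fh.write("original")
            link = os.path.join(shared, DICT_NAME)
            if os.path.lexists(link):
                os.remove(link)
            os.symlink(target, link)  # state after step 1 of the scenario
            written = save(shared, b"downloaded")
            with open(target) as fh:
                # (target content afterwards, did we write through the symlink?)
                results[label] = (fh.read(), os.path.islink(written))
    return results

if __name__ == "__main__":
    for label, (content, via_link) in run_demo().items():
        print(f"{label}: target now {content!r}, wrote through symlink: {via_link}")
```
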