{"id":"UBUNTU-CVE-2010-4337","details":"The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.","modified":"2025-07-16T08:10:27.038138Z","published":"2011-01-14T23:00:00Z","withdrawn":"2025-07-18T16:42:40Z","upstream":["CVE-2010-4337"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2010-4337"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2010-4337"}],"affected":[{"package":{"name":"gnash","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/gnash@0.8.11~git20130903-3ubuntu1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.11~git20130903-3ubuntu1"}]}],"versions":["0.8.11~git20120629-1ubuntu3","0.8.11~git20120629-1ubuntu4"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"browser-plugin-gnash","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash-common","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash-common-opengl","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash-cygnal","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash-dbg","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash-dev","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash-doc","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash-ext-fileio","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash-ext-lirc","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash-ext-mysql","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash-opengl","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"gnash-tools","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"klash","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"klash-opengl","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"konqueror-plugin-gnash","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"mozilla-plugin-gnash","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"python-gtk-gnash","binary_version":"0.8.11~git20130903-3ubuntu1"},{"binary_name":"swfdec-gnome","binary_version":"1:0.8.11~git20130903-3ubuntu1"},{"binary_name":"swfdec-mozilla","binary_version":"0.8.11~git20130903-3ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-4337.json"}},{"package":{"name":"gnash","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/gnash@0.8.11~git20160109-1build1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.11~git20160109-1build1"}]}],"versions":["0.8.11~git20150419-3build1","0.8.11~git20150419-3build2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"browser-plugin-gnash","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"browser-plugin-gnash-dbgsym","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-common","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-common-dbgsym","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-common-opengl","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-cygnal","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-cygnal-dbgsym","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-dbg","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-dbgsym","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-dev","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-dev-dbgsym","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-doc","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-ext-fileio","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-ext-fileio-dbgsym","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-ext-lirc","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-ext-lirc-dbgsym","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-ext-mysql","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-ext-mysql-dbgsym","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-opengl","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-tools","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"gnash-tools-dbgsym","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"klash","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"klash-dbgsym","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"klash-opengl","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"konqueror-plugin-gnash","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"konqueror-plugin-gnash-dbgsym","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"mozilla-plugin-gnash","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"python-gtk-gnash","binary_version":"0.8.11~git20160109-1build1"},{"binary_name":"swfdec-gnome","binary_version":"1:0.8.11~git20160109-1build1"},{"binary_name":"swfdec-mozilla","binary_version":"0.8.11~git20160109-1build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-4337.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"low"}]}