FreeBSD : wine -- information disclosure due to insecure temporary file handling (48a59c96-9c6e-11d9-a040-000a95bc6fae)

Low Nessus Plugin ID 18924


The remote FreeBSD host is missing a security-related update.


Due to insecure temporary file creation in the Wine Windows emulator, it is possible for any user to read potentially sensitive information from temporary registry files.

When a Win32 application is launched by wine, wine makes a dump of the Windows registry in /tmp with name regxxxxyyyy.tmp , where xxxxxx is the pid in hexadecimal value of the current wine process and yyyy is an integer value usually equal to zero.

regxxxxyyyy.tmp is created with 0644 (-rw-r--r--) permissions. This could represent a security problem in a multi-user environment.
Indeed, any local user could access to windows regstry's dump and get sensitive information, like passwords and other private data.


Update the affected package.

See Also

Plugin Details

Severity: Low

ID: 18924

File Name: freebsd_pkg_48a59c969c6e11d9a040000a95bc6fae.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2005/07/13

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:wine, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2005/03/24

Vulnerability Publication Date: 2005/03/13

Reference Information

CVE: CVE-2005-0787