The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Blender | Blender | * | 2.63a (including) |
| Blender | Ubuntu | artful | * |
| Blender | Ubuntu | bionic | * |
| Blender | Ubuntu | cosmic | * |
| Blender | Ubuntu | disco | * |
| Blender | Ubuntu | eoan | * |
| Blender | Ubuntu | groovy | * |
| Blender | Ubuntu | hardy | * |
| Blender | Ubuntu | hirsute | * |
| Blender | Ubuntu | impish | * |
| Blender | Ubuntu | kinetic | * |
| Blender | Ubuntu | lunar | * |
| Blender | Ubuntu | mantic | * |
| Blender | Ubuntu | oneiric | * |
| Blender | Ubuntu | precise | * |
| Blender | Ubuntu | quantal | * |
| Blender | Ubuntu | raring | * |
| Blender | Ubuntu | saucy | * |
| Blender | Ubuntu | trusty | * |
| Blender | Ubuntu | utopic | * |
| Blender | Ubuntu | vivid | * |
| Blender | Ubuntu | wily | * |
| Blender | Ubuntu | xenial | * |
| Blender | Ubuntu | yakkety | * |
| Blender | Ubuntu | zesty | * |