CVE-2010-3440
Description
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Babiloo 2.0.9 through 2.0.10 creates predictable temporary file names, enabling a local attacker to overwrite arbitrary files.
Vulnerability
Babiloo versions 2.0.9 to 2.0.10 (before 2.0.11) create temporary files with predictable names when downloading and unpacking dictionary files. This vulnerability resides in the file handling code used during dictionary extraction, and no special configuration is required beyond using the affected version with the dictionary download feature.
Exploitation
A local attacker with knowledge of the predictable temporary file naming scheme can time an attack to overwrite an arbitrary file on the system. The attacker does not require any authentication beyond local access, and the exploitation window is during the extraction process triggered by a user downloading a dictionary file.
Impact
Successful exploitation allows the local attacker to overwrite arbitrary files, potentially leading to denial of service, privilege escalation, or data corruption depending on the target file. The compromise is limited to file overwriting; code execution is not directly described in the references.[1]
Mitigation
The issue is fixed in Babiloo version 2.0.11. Users should upgrade to this version or later. If an upgrade is not immediately possible, avoid using the dictionary download feature or apply restrictive file permissions to mitigate exploitation.[2] The vulnerability does not appear on the CISA KEV list.
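The weak pattern the advisory describes, next to a hardened replacement for staging a downloaded dictionary archive, as an added Python example that is not Babiloo's own code: the function names, the `babiloo-` prefix and the archive bytes are constructed for illustration.

```python
import os
import stat
import tempfile

def stage_weak(archive: bytes, name: str, shared_dir: str = "/tmp") -> str:
    """Weak pattern (constructed, not Babiloo's code): a guessable name in a
    shared directory, opened with plain 'wb'. The write lands on whatever is
    already at that path, which is the condition the advisory describes."""
    path = os.path.join(shared_dir, "babiloo-" + name)  # predictable name
    with open(path, "wb") as fh:                         # follows links, truncates
        fh.write(archive)
    return path

def is_private_dir(path: str) -> bool:
    """A staging directory is private when it is a real directory, owned by
    the current user, and not group/world accessible (mode 0700)."""
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and (st.st_mode & 0o077) == 0)

def private_workdir() -> str:
    """Unguessable, mode-0700 directory created by mkdtemp for this run."""
    return tempfile.mkdtemp(prefix="babiloo-")

def stage_safe(archive: bytes, name: str, workdir: str) -> str:
    """Hardened pattern: write only into a private directory, strip any path
    components from the archive name, and open with O_CREAT|O_EXCL|O_NOFOLLOW
    so an entry that already exists at the path makes the open fail instead
    of being followed or truncated."""
    if not is_private_dir(workdir):
        raise PermissionError("refusing to stage into non-private dir " + workdir)
    path = os.path.join(workdir, os.path.basename(name))
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(archive)
    return path
```

Unpacking the archive afterwards should read from the returned path inside the same private directory, so every intermediate file inherits the 0700 directory rather than a shared one.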
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- babiloo/babiloo (v5) range: 2.0.9 before 2.0.11
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- access.redhat.com/security/cve/cve-2010-3440 (mitre, x_refsource_MISC)
- bugs.debian.org/cgi-bin/bugreport.cgi (mitre, x_refsource_MISC)
- security-tracker.debian.org/tracker/CVE-2010-3440 (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.