Bug#453283: CVE-2007-6061: possible symlink attack
On Wednesday 28 November 2007 11:28:21 Steffen Joeris wrote:
> Package: audacity
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi
>
> The following CVE[0] has been issued against audacity.
>
> CVE-2007-6061:
>
> Audacity 1.3.2 creates a temporary directory with a predictable name
> without checking for previous existence of that directory, which allows
> local users to cause a denial of service (recording deadlock) by
> creating the directory before Audacity is run. NOTE: this issue can be
> leveraged to delete arbitrary files or directories via a symlink attack.
>
> Please mention the CVE id in your changelog, when you fix this bug.
> Thanks for your efforts.
Does anyone have an idea how to fix this? I scanned trough the code, but did
not find a "quick" solution, besides disabling the /tmp/audacity1.2-<LOGNAME>
altogether.
I also checked upstream CVS and they don't have a fix yet.
Joost
Reply to: