Bug#453283: CVE-2007-6061: possible symlink attack

To: 453283@bugs.debian.org
Subject: Bug#453283: CVE-2007-6061: possible symlink attack
From: Joost Yervante Damad <joost@damad.be>
Date: Tue, 4 Dec 2007 20:51:57 +0100
Message-id: <[🔎] 200712042051.57823.joost@damad.be>
Reply-to: Joost Yervante Damad <joost@damad.be>, 453283@bugs.debian.org
In-reply-to: <20071128102821.12289.61196.reportbug@hannah.debian.org>
References: <20071128102821.12289.61196.reportbug@hannah.debian.org>

On Wednesday 28 November 2007 11:28:21 Steffen Joeris wrote:
> Package: audacity
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi
>
> The following CVE[0] has been issued against audacity.
>
> CVE-2007-6061:
>
> Audacity 1.3.2 creates a temporary directory with a predictable name
> without checking for previous existence of that directory, which allows
> local users to cause a denial of service (recording deadlock) by
> creating the directory before Audacity is run. NOTE: this issue can be
> leveraged to delete arbitrary files or directories via a symlink attack.
>
> Please mention the CVE id in your changelog, when you fix this bug.
> Thanks for your efforts.

Does anyone have an idea how to fix this? I scanned trough the code, but did 
not find a "quick" solution, besides disabling the /tmp/audacity1.2-<LOGNAME> 
altogether.

I also checked upstream CVS and they don't have a fix yet.

Joost

Reply to:

Follow-Ups:
- Bug#453283: CVE-2007-6061: possible symlink attack
  - From: Luk Claes <luk@debian.org>

Prev by Date: Bug#446597: marked as done (FTBFS after checking for pkg-config and 'call of overloaded 'abs(nframes64_t)' is ambiguous')
Next by Date: Bug#446597: NMU patch for ardour
Previous by thread: Bug#446597: marked as done (FTBFS after checking for pkg-config and 'call of overloaded 'abs(nframes64_t)' is ambiguous')
Next by thread: Bug#453283: CVE-2007-6061: possible symlink attack
Index(es):
- Date
- Thread