
Bug#453283: CVE-2007-6061: possible symlink attack



On Tue, Dec 04, 2007 at 08:51:57PM +0100, Joost Yervante Damad wrote:
> On Wednesday 28 November 2007 11:28:21 Steffen Joeris wrote:
> > Package: audacity
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > Hi
> >
> > The following CVE[0] has been issued against audacity.
> >
> > CVE-2007-6061:
> >
> > Audacity 1.3.2 creates a temporary directory with a predictable name
> > without checking for previous existence of that directory, which allows
> > local users to cause a denial of service (recording deadlock) by
> > creating the directory before Audacity is run. NOTE: this issue can be
> > leveraged to delete arbitrary files or directories via a symlink attack.
> >
> > Please mention the CVE id in your changelog, when you fix this bug.
> > Thanks for your efforts.
> 
> Does anyone have an idea how to fix this? I scanned through the code, but did 
> not find a "quick" solution, besides disabling the /tmp/audacity1.2-<LOGNAME> 
> altogether.

Well, the easiest solution is to use a random name for the directory (mktemp -d, for instance, can create such a directory very easily).

Cheers

Luk
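
The `mktemp -d` suggestion above, as an added example that is not part of the original message and is not Audacity's or Debian's code: it contrasts the predictable `audacity1.2-<LOGNAME>` naming from the report with a randomly named directory, plus a check for a pre-existing path. The function names, the `audacity-XXXXXX` template and the scratch directory standing in for `/tmp` are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, paths are constructed.

# Pattern from the CVE text: predictable per-user name, used without
# checking whether something already exists at that path.
predictable_tmpdir() {
    dir="$1/audacity1.2-$2"
    mkdir -p "$dir" 2>/dev/null   # "succeeds" even if the path was pre-created
    printf '%s\n' "$dir"
}

# Check before trusting an existing path: a real directory (not a symlink),
# owned by the current user, with mode 0700.
is_private_dir() {
    [ ! -L "$1" ] && [ -d "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld "$1") in
        drwx------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Suggested fix: mktemp -d picks an unpredictable name, creates the
# directory with mode 0700, and fails rather than reuse an existing path.
private_tmpdir() {
    mktemp -d "${1:-${TMPDIR:-/tmp}}/audacity-XXXXXX"
}

demo() {
    sandbox=$(mktemp -d) || return 1      # scratch area standing in for /tmp
    mkdir "$sandbox/elsewhere"
    # Constructed precondition: another local user planted a symlink first.
    ln -s "$sandbox/elsewhere" "$sandbox/audacity1.2-demo"
    d=$(predictable_tmpdir "$sandbox" demo)
    if is_private_dir "$d"; then echo "predictable name: trusted"
    else echo "predictable name: rejected (pre-existing path)"; fi
    p=$(private_tmpdir "$sandbox") && is_private_dir "$p" &&
        echo "mktemp -d: private directory $p"
    rm -rf "$sandbox"
}
demo
```

In C or C++ code the same effect comes from `mkdtemp(3)`, which creates the directory with mode 0700 and returns an error instead of reusing an existing name.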


