[CVE-2007-6061] Denial of service and deletion of an arbitrary directory tree via symlink attack
Bug #173153 reported by William Grant
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
audacity (Debian) | Fix Released | Unknown | |
audacity (Gentoo Linux) | Fix Released | Low | |
audacity (Ubuntu) | Fix Released | Undecided | Unassigned |
Dapper | Fix Released | Undecided | Kees Cook |
Edgy | Fix Released | Undecided | Unassigned |
Feisty | Fix Released | Undecided | Kees Cook |
Gutsy | Fix Released | Undecided | Kees Cook |
Hardy | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: audacity
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
All releases (including Hardy) are affected.
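The defensive counterpart to the flaw described above, as an added example (not Audacity's code and not the fix shipped by any distribution): creating a temporary directory under an unpredictable name, and, where a fixed name is unavoidable, refusing an entry that was pre-created or symlinked by someone else. The function names and the `/tmp/example-session-` path are hypothetical, and the parent directory is assumed to be sticky like `/tmp`.

```c
#define _XOPEN_SOURCE 700            /* expose lstat(), mkdtemp() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fixed-name case: returns 0 only if `path` ends up as a directory that is
 * ours and private. Assumes the parent is sticky (like /tmp), so other users
 * cannot rename or remove a directory we own. */
int claim_private_dir(const char *path)
{
    struct stat st;

    if (mkdir(path, 0700) == 0)
        return 0;                          /* created just now, by us */
    if (errno != EEXIST)
        return -1;
    /* The name was already taken: inspect it without following symlinks. */
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))              /* planted symlink or file */
        return -1;
    if (st.st_uid != geteuid())            /* pre-created by another user */
        return -1;
    if (st.st_mode & (S_IRWXG | S_IRWXO))  /* group/other can get inside */
        return -1;
    return 0;
}

/* Preferred: mkdtemp() picks an unpredictable name and fails rather than
 * reuse an existing entry. `tmpl` must end in "XXXXXX"; rewritten in place. */
int make_unpredictable_dir(char *tmpl)
{
    return mkdtemp(tmpl) != NULL ? 0 : -1;
}

int main(void)
{
    char tmpl[] = "/tmp/example-session-XXXXXX";  /* constructed sample path */

    if (make_unpredictable_dir(tmpl) != 0) {
        perror("mkdtemp");
        return 1;
    }
    printf("%s re-check: %d\n", tmpl, claim_private_dir(tmpl));
    return rmdir(tmpl) != 0;
}
```

The same `lstat()`-before-trust check belongs in the cleanup path, since the description notes the flaw can be leveraged to delete files or directories through a symlink.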
CVE References
Changed in audacity:
status: Unknown → In Progress
Changed in audacity:
status: Unknown → New
Changed in audacity:
status: New → Fix Released
Changed in audacity:
status: Fix Released → Confirmed
Changed in audacity:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
assignee: nobody → keescook
status: Fix Committed → Fix Released
Changed in audacity:
status: Confirmed → In Progress
Changed in audacity:
status: In Progress → Fix Committed
Changed in audacity:
status: Fix Committed → Fix Released
Changed in audacity:
status: In Progress → Fix Released
Changed in audacity (Gentoo Linux):
importance: Unknown → Low
There's no upstream fix yet.