LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

audacity: insecure tmpfile handling

Package(s):audacity CVE #(s):CVE-2007-6061
Created:March 3, 2008 Updated:May 12, 2008
Description: From the Gentoo advisory:

Viktor Griph reported that the "AudacityApp::OnInit()" method in file src/AudacityApp.cpp does not handle temporary files properly.

A local attacker could exploit this vulnerability to conduct symlink attacks to delete arbitrary files and directories with the privileges of the user running Audacity.

Alerts:
Gentoo 200803-03 2008-03-02
Mandriva MDVSA-2008:074 2007-03-20
Fedora FEDORA-2008-3511 2008-05-09
Fedora FEDORA-2008-3456 2008-05-09
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.