On Tue, Dec 04, 2007 at 08:51:57PM +0100, Joost Yervante Damad wrote: > On Wednesday 28 November 2007 11:28:21 Steffen Joeris wrote: > > Package: audacity > > Severity: grave > > Tags: security > > Justification: user security hole > > > > Hi > > > > The following CVE[0] has been issued against audacity. > > > > CVE-2007-6061: > > > > Audacity 1.3.2 creates a temporary directory with a predictable name > > without checking for previous existence of that directory, which allows > > local users to cause a denial of service (recording deadlock) by > > creating the directory before Audacity is run. NOTE: this issue can be > > leveraged to delete arbitrary files or directories via a symlink attack. > > > > Please mention the CVE id in your changelog, when you fix this bug. > > Thanks for your efforts. > > Does anyone have an idea how to fix this? I scanned trough the code, but did > not find a "quick" solution, besides disabling the /tmp/audacity1.2-<LOGNAME> > altogether.
Well, the easiest solution is to have a random name of the directory (mktemp -d for instance can create such a directory very easily). Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
