CVE-2008-3699
Published: 14 August 2008
The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
Notes
Author | Note |
---|---|
jdstrand | Ubuntu 6.06 LTS (Dapper) does not contain the vulnerable code. Amarok tries to remove the file before opening it, so there is a TOCTOU vulnerability and a symlink could be inserted before open. This makes the attack much harder, but still possible. |
Priority
Status
Package | Release | Status |
---|---|---|
amarok | dapper | Not vulnerable |
amarok | feisty | Ignored (end of life, was needed) |
amarok | gutsy | Released (2:1.4.7-0ubuntu3.1) |
amarok | hardy | Released (2:1.4.9.1-0ubuntu3.1) |
amarok | upstream | Released (1.4.10) |

Patches
Type | Reference |
---|---|
other | http://websvn.kde.org/?view=rev&revision=846626 |
vendor | http://security.gentoo.org/glsa/glsa-200809-08.xml |
vendor | http://www.mandriva.com/security/advisories?name=MDVSA-2008:172 |