SUSE CVE-2008-3699

The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the albuminfo.xml temporary file...

GLSA-200809-08 : Amarok: Insecure temporary file creation

The remote host is affected by the vulnerability described in GLSA-200809-08 Amarok: Insecure temporary file creation Dwayne Litzenberger reported that the MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp uses the albuminfo.xml temporary file in an insecure...

Design/Logic Flaw

The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the albuminfo.xml temporary file...

CVE-2008-3699

The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the albuminfo.xml temporary file...

Amarok 'MagnatuneBrowser::listDownloadComplete()'不安全临时文件建立漏洞

BUGTRAQ ID: 30662 CNCAN ID：CNCAN-2008081412 Amarok是一款Linux/Unix平台下的音乐播放器。 Amarok不安全处理临时文件，本地攻击者可以利用漏洞通过符号链接攻击破坏系统文件。 问题存在于'MagnatuneBrowser::listDownloadComplete'函数中，由于不安全建立临时文件，攻击者通过符号链接以用户进程权限覆盖系统的任意文件，造成拒绝服务或特权提升。 Amarok 1.4.9 1 目前没有解决方案提供： http://amarok.kde.org/...