Audacity 1.3.2 creates a temporary directory with a predictable name
without checking for previous existence of that directory, which allows
local users to cause a denial of service (recording deadlock) by creating
the directory before Audacity is run. NOTE: this issue can be leveraged to
delete arbitrary files or directories via a symlink attack.
Author | Note |
---|---|
fujitsu | The denial of service requires changing the ownership of the directory after audacity is already running. |
sourceforge.net/mailarchive/forum.php?thread_name=d08.220e2918.3472d3de%40aol.com&forum_name=audacity-users
sourceforge.net/mailarchive/forum.php?thread_name=Pine.LNX.4.63.0711162007530.24246%40t-4009-01.studat.chalmers.se&forum_name=audacity-users
launchpad.net/bugs/cve/CVE-2007-6061
nvd.nist.gov/vuln/detail/CVE-2007-6061
security-tracker.debian.org/tracker/CVE-2007-6061
www.cve.org/CVERecord?id=CVE-2007-6061