Ubuntu.comUB:CVE-2007-6061CVE-2007-6061
0.002 Low
EPSS
Percentile
57.4%
Audacity 1.3.2 creates a temporary directory with a predictable name
without checking for previous existence of that directory, which allows
local users to cause a denial of service (recording deadlock) by creating
the directory before Audacity is run. NOTE: this issue can be leveraged to
delete arbitrary files or directories via a symlink attack.
Bugs
Notes
| Author | Note |
|---|---|
| fujitsu | The denial of service requires changing the ownership of the directory after audacity is already running. |
References
sourceforge.net/mailarchive/forum.php?thread_name=d08.220e2918.3472d3de%40aol.com&forum_name=audacity-users
sourceforge.net/mailarchive/forum.php?thread_name=Pine.LNX.4.63.0711162007530.24246%40t-4009-01.studat.chalmers.se&forum_name=audacity-users
launchpad.net/bugs/cve/CVE-2007-6061
nvd.nist.gov/vuln/detail/CVE-2007-6061
security-tracker.debian.org/tracker/CVE-2007-6061
www.cve.org/CVERecord?id=CVE-2007-6061
Related
