Bug 393251 (CVE-2007-6061)

Summary: CVE-2007-6061 Audacity insecure temporary file handling
Product: [Other] Security Response Reporter: Red Hat Product Security <security-response-team>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: gemi, helpdesk-rnd
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://bugs.gentoo.org/show_bug.cgi?id=199751
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-25 10:18:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 436260    
Bug Blocks:    

Description Lubomir Kundrak 2007-11-20 21:59:26 UTC 
Description of problem:

As per report from Gentoo (see URL) Anaconda uses a temporary file with
predictable name, which can be exploited locally by conducting a symlink attack
to remove arbitrary file from victim's home directory.
Comment 1 Lubomir Kundrak 2007-11-20 22:00:08 UTC 
s/Anaconda/Audacity/
Comment 2 Lubomir Kundrak 2007-11-20 22:01:47 UTC 
CVE identifier for this issue was requested.
Comment 3 Tomas Hoger 2008-03-03 08:01:04 UTC 
Gentoo has released a security advisory to address this flaw:

http://www.gentoo.org/security/en/glsa/glsa-200803-03.xml

Here is the patch used by Gentoo:

http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-sound/audacity/files/CVE-2007-6061.patch
Comment 4 Tomas Hoger 2008-03-06 13:33:59 UTC 
Upstream discussion related to Gentoo patch:

http://sourceforge.net/mailarchive/forum.php?thread_name=733f2c730803040303o679d28eeg224689218544d232%40mail.gmail.com&forum_name=audacity-devel
Comment 5 Huzaifa S. Sidhpurwala 2008-05-02 03:27:14 UTC 
Any idea, as to when this will be fixed in fedora?
Comment 6 Fedora Update System 2008-05-10 13:55:07 UTC 
audacity-1.3.2-21.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2008-05-10 13:56:17 UTC 
audacity-1.3.2-21.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Michael Schwendt 2008-05-13 21:05:56 UTC 
Auto-closing this failed due to a bug in bodhi.
Comment 9 Mark J. Cox 2008-05-14 08:44:57 UTC 
opening, shouldn't be autoclosed as this is the bug we use for tracing audacity
across all red hat products and services, not just Fedora.
Comment 11 Red Hat Product Security 2008-07-25 10:18:41 UTC 
This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3456
Comment 12 Red Hat Bugzilla 2009-10-23 19:06:11 UTC 
Reporter changed to security-response-team by request of Jay Turner.