Red Hat Bugzilla – Bug 459135
CVE-2008-3699 amarok: temporary file vulnerability via symlink attacks (priv esc)
Last modified: 2010-12-23 17:32:40 EST
Description of problem:
The "MagnatuneBrowser::listDownloadComplete()" function in Amarok 126.96.36.199
and prior versions handles temporary files in an insecure manner. This flaw
can be used by a malicious unprivileged user via symlink attack in combination
with a race condition to overwrite arbitrary files with the privileges of the user running the application (potential privilege escalation).
Version-Release number of selected component (if applicable):
188.8.131.52 and prior versions.
Public mentions of this issue:
From CVE description:
The MagnatuneBrowser::listDownloadComplete function in
magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows
local users to overwrite arbitrary files via a symlink attack on the
album_info.xml temporary file.
amarok-1.4.10-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
amarok-1.4.10-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.