Description of problem: The "MagnatuneBrowser::listDownloadComplete()" function in Amarok 1.4.9.1 and prior versions handles temporary files in an insecure manner. This flaw can be used by a malicious unprivileged user via symlink attack in combination with a race condition to overwrite arbitrary files with the privileges of the user running the application (potential privilege escalation). Version-Release number of selected component (if applicable): 1.4.9.1 and prior versions. How reproducible: No reproducer Proposed patch: http://websvn.kde.org/?view=rev&revision=846626 Public mentions of this issue: http://secunia.com/advisories/31418/ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765 http://bugs.gentoo.org/show_bug.cgi?id=234689
From CVE description: The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
amarok-1.4.10-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
amarok-1.4.10-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.