Ubuntu Security Notice 657-1 - Dwayne Litzenberger discovered that Amarok created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.
831252da6ac77adf374732f200cc36cbf50b73a572e24608b7f061aeeac43594Gentoo Linux Security Advisory GLSA 200809-08 - Amarok uses temporary files in an insecure manner, allowing for a symlink attack. Dwayne Litzenberger reported that the MagnatuneBrowser::listDownloadComplete() function in magnatunebrowser/magnatunebrowser.cpp uses the album_info.xml temporary file in an insecure manner. Versions less than 1.4.10 are affected.
a8677abbc4fd25501e2f4c6ef773ea98bc5581d088341c3ff7771de90a64c963Mandriva Linux Security Advisory - A flaw in Amarok prior to 1.4.10 would allow local users to overwrite arbitrary files via a symlink attack on a temporary file that Amarok created with a predictable name. The updated packages have been patched to correct this issue.
0d264688899d2167dbf887dabf91ffafa4e1aa4caa375f120055a0a33aaacc86Pardus Linux Security Advisory - A security issue has been reported in Amarok, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
d16110974dcef3470fc6cbffe3e9a7f9caf390c6bd780e26c1c6afc0a50d92f1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed