------------------------------------------------------------------------ Pardus Linux Security Advisory 2008-24 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2008-08-15 Severity: 2 Type: Local ------------------------------------------------------------------------ Summary ======= A security issue has been reported in Amarok, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Description =========== The security issue is caused due to the "MagnatuneBrowser::listDownloadComplete()" function handling temporary files in an insecure manner. This can be exploited via symlink attacks in combination with a race condition to overwrite arbitrary files with the privileges of the user running the application. Affected packages: Pardus 2008: amarok, all before 1.4.9.1-52-4 amarok-docs, all before 1.4.9.1-52-4 Pardus 2007: amarok, all before 1.4.9.1-50-37 amarok-docs, all before 1.4.9.1-50-38 Resolution ========== There are update(s) for amarok, amarok-docs. You can update them via Package Manager or with a single command from console: Pardus 2008: pisi up amarok amarok-docs Pardus 2007: pisi up amarok amarok-docs References ========== * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699 * http://secunia.com/advisories/31418 * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765 * http://websvn.kde.org/?view=rev&revision=846626 ------------------------------------------------------------------------ -- Pardus Security Team http://security.pardus.org.tr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/