Mandriva Update For Audacity MDVSA-2008:074 (audacity) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Audacity creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. This issue can also be leveraged to delete arbitrary files or directories via a symlink attack. The updated package fixes the issue.

Affected

audacity on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2007-6061

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:177 (ruby)
Mandrake Security Advisory MDVSA-2009:170 (initscripts)
Mandrake Security Advisory MDVSA-2009:107 (acpid)
Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)
Mandrake Security Advisory MDVSA-2009:200 (libxml)

Mandriva Update for audacity MDVSA-2008:074 (audacity)

Take action and discover your vulnerabilities