CVE-2007-6061
Publication date 20 November 2007
Last updated 24 July 2024
Ubuntu priority
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
Status
Package | Ubuntu Release | Status |
---|---|---|
audacity | 7.10 gutsy |
Fixed 1.3.3-1ubuntu0.1
|
7.04 feisty |
Fixed 1.2.6-0ubuntu1.1
|
|
6.10 edgy | Ignored end of life, was needed | |
6.06 LTS dapper |
Fixed 1.2.4b-2ubuntu2.1
|
Notes
fujitsu
The denial of service requires changing the ownership of the directory after audacity is already running.
References
Other references
- http://sourceforge.net/mailarchive/forum.php?thread_name=Pine.LNX.4.63.0711162007530.24246%40t-4009-01.studat.chalmers.se&forum_name=audacity-users
- http://sourceforge.net/mailarchive/forum.php?thread_name=d08.220e2918.3472d3de%40aol.com&forum_name=audacity-users
- https://www.cve.org/CVERecord?id=CVE-2007-6061