Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2007-6061

Published: 20 November 2007

Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.

Notes

AuthorNote
fujitsu
The denial of service requires changing the ownership of the
directory after audacity is already running.

Priority

Low

Status

Package Release Status
audacity
Launchpad, Ubuntu, Debian
dapper
Released (1.2.4b-2ubuntu2.1)
edgy Ignored
(end of life, was needed)
feisty
Released (1.2.6-0ubuntu1.1)
gutsy
Released (1.3.3-1ubuntu0.1)
upstream Needed