CVE-2008-3699 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3699
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3699

Description: The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/44399 UBUNTU http://www.ubuntu.com/usn/usn-657-1 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.455790 SAID Secunia Advisory: SA31839 Secunia Advisory: SA31663 Secunia Advisory: SA31418 Secunia Advisory: SA32357 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:172 GENTOO http://security.gentoo.org/glsa/glsa-200809-08.xml FEDORA CONFIRM http://amarok.kde.org/en/releases/1/4/10 http://websvn.kde.org/?view=rev&revision=846626 BID 30662

Return to the previous page.