Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:074 (audacity)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.60601

Category: Mandrake Local Security Checks

Title: Mandrake Security Advisory MDVSA-2008:074 (audacity)

Summary: NOSUMMARY

Description: Description:

The remote host is missing an update to audacity
announced via advisory MDVSA-2008:074.

Audacity creates a temporary directory with a predictable name without
checking for previous existence of that directory, which allows local
users to cause a denial of service (recording deadlock) by creating
the directory before Audacity is run. This issue can also be leveraged
to delete arbitrary files or directories via a symlink attack.

The updated package fixes the issue.

Affected: 2007.1, 2008.0, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:074

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-6061
BugTraq ID: 26608
http://www.securityfocus.com/bid/26608
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00075.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00087.html
http://security.gentoo.org/glsa/glsa-200803-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:074
http://secunia.com/advisories/27841
http://secunia.com/advisories/29206
http://secunia.com/advisories/30191
http://www.vupen.com/english/advisories/2007/4025

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.60601
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:074 (audacity)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to audacity announced via advisory MDVSA-2008:074. Audacity creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. This issue can also be leveraged to delete arbitrary files or directories via a symlink attack. The updated package fixes the issue. Affected: 2007.1, 2008.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:074 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6061 BugTraq ID: 26608 http://www.securityfocus.com/bid/26608 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00075.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00087.html http://security.gentoo.org/glsa/glsa-200803-03.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:074 http://secunia.com/advisories/27841 http://secunia.com/advisories/29206 http://secunia.com/advisories/30191 http://www.vupen.com/english/advisories/2007/4025
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com