CVE-2007-6061
published 2007-11-20CVE-2007-6061: Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to…
PriorityP421medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
3.41%
87.4th percentile
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| audacityteam | audacity | — | — |
| audacityteam | audacity | >= 0 < 1.3.4-1.1 | 1.3.4-1.1 |
| audacityteam | audacity | >= 0 < 1.3.4-1.1 | 1.3.4-1.1 |
| audacityteam | audacity | >= 0 < 1.3.4-1.1 | 1.3.4-1.1 |
| audacityteam | audacity | >= 0 < 1.3.4-1.1 | 1.3.4-1.1 |
| debian | audacity | < audacity 1.3.4-1.1 (bookworm) | audacity 1.3.4-1.1 (bookworm) |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
Audacity insecure temporary file handling
vendor_redhat·2007-11-20·CVSS 5.0
CVE-2007-6061 [MEDIUM] CWE-377 Audacity insecure temporary file handling
Audacity insecure temporary file handling
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
Debian
CVE-2007-6061: audacity - Audacity 1.3.2 creates a temporary directory with a predictable name without che...
vendor_debian·2007·CVSS 5.0
CVE-2007-6061 [MEDIUM] CVE-2007-6061: audacity - Audacity 1.3.2 creates a temporary directory with a predictable name without che...
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
Scope: local
bookworm: resolved (fixed in 1.3.4-1.1)
bullseye: resolved (fixed in 1.3.4-1.1)
forky: resolved (fixed in 1.3.4-1.1)
sid: resolved (fixed in 1.3.4-1.1)
trixie: resolved (fixed in 1.3.4-1.1)
GHSA
GHSA-3pxp-pwrp-2w6f: Audacity 1
ghsa_unreviewed·2022-05-01
CVE-2007-6061 [MEDIUM] CWE-59 GHSA-3pxp-pwrp-2w6f: Audacity 1
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
OSV
CVE-2007-6061: Audacity 1
osv·2007-11-20·CVSS 5.0
CVE-2007-6061 [MEDIUM] CVE-2007-6061: Audacity 1
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-6061: insecure tmpfile handling
bugzilla·2008-03-06·CVSS 5.0
CVE-2007-6061 [MEDIUM] CVE-2007-6061: insecure tmpfile handling
CVE-2007-6061: insecure tmpfile handling
Description of problem:
Viktor Griph reported that the "AudacityApp::OnInit()" method in file
src/AudacityApp.cpp does not handle temporary files properly.
A local attacker could exploit this vulnerability to conduct symlink attacks to
delete arbitrary files and directories with the privileges of the user running
Audacity.
Here is a patch from gentoo fixing this:
http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/media-sound/audacity/files/CVE-2007-6061.patch?rev=1.1
Discussion:
Note the date of the CVE.
Also known upstream and came up again just recently:
http://sourceforge.net/mailarchive/forum.php?thread_name=733f2c730803040303o679d28eeg224689218544d232%40mail.gmail.com&forum_name=audacity-devel
Users with security concerns can set
Bugzilla
CVE-2007-6061 Audacity insecure temporary file handling
bugzilla·2007-11-20·CVSS 5.0
CVE-2007-6061 [MEDIUM] CVE-2007-6061 Audacity insecure temporary file handling
CVE-2007-6061 Audacity insecure temporary file handling
Description of problem:
As per report from Gentoo (see URL) Anaconda uses a temporary file with
predictable name, which can be exploited locally by conducting a symlink attack
to remove arbitrary file from victim's home directory.
Discussion:
s/Anaconda/Audacity/
---
CVE identifier for this issue was requested.
---
Gentoo has released a security advisory to address this flaw:
http://www.gentoo.org/security/en/glsa/glsa-200803-03.xml
Here is the patch used by Gentoo:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-sound/audacity/files/CVE-2007-6061.patch
---
Upstream discussion related to Gentoo patch:
http://sourceforge.net/mailarchive/forum.php?thread_name=733f2c730803040303o679d28eeg224689218544d232%40mail.gmail.
http://bugs.gentoo.org/show_bug.cgi?id=199751http://secunia.com/advisories/27841http://secunia.com/advisories/29206http://secunia.com/advisories/30191http://security.gentoo.org/glsa/glsa-200803-03.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:074http://www.securityfocus.com/bid/26608http://www.vupen.com/english/advisories/2007/4025https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00075.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-May/msg00087.htmlhttp://bugs.gentoo.org/show_bug.cgi?id=199751http://secunia.com/advisories/27841http://secunia.com/advisories/29206http://secunia.com/advisories/30191http://security.gentoo.org/glsa/glsa-200803-03.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:074http://www.securityfocus.com/bid/26608http://www.vupen.com/english/advisories/2007/4025https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00075.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-May/msg00087.html
2007-11-20
Published