Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3699

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2008-3699
Last Modified 07 Mar 2011 10:11:11
Published 14 Aug 2008 07:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3699

Summary

The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.

Vulnerable Systems

Application

  • Amarok 1.4.9.1


References

FEDORA - FEDORA-2008-7719

FEDORA - FEDORA-2008-7739

XF - amarok-magnatunebrowser-symlink(44399)

VUPEN - ADV-2008-2338

UBUNTU - USN-657-1

BID - 30662

MANDRIVA - MDVSA-2008:172

CONFIRM - http://websvn.kde.org/?view=rev&revision=846626

SLACKWARE - SSA:2008-241-01

GENTOO - GLSA-200809-08

SECUNIA - 32357

SECUNIA - 31839

SECUNIA - 31663

SECUNIA - 31418

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765

CONFIRM - http://amarok.kde.org/en/releases/1/4/10


Last Updated: 27 May 2016 10:48:16