FrSIRT - Mandriva Security Update Fixes Audacity Insecure Temporary File / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Mandriva Security Update Fixes Audacity Insecure Temporary File

Title : Mandriva Security Update Fixes Audacity Insecure Temporary File
Advisory ID : FrSIRT/ADV-2008-0951
CVE ID : CVE-2007-6061
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-03-21

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by local attackers to bypass security restrictions and cause a denial of service [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.1:
5ebb4356f5e9410fb34fd13b1d9f52e0 2007.1/i586/audacity-1.3.2-4.1mdv2007.1.i586.rpm
b209fd344cd78af953a44187221e24b4 2007.1/SRPMS/audacity-1.3.2-4.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
495b67476845f9831c5aa509cb4fed56 2007.1/x86_64/audacity-1.3.2-4.1mdv2007.1.x86_64.rpm
b209fd344cd78af953a44187221e24b4 2007.1/SRPMS/audacity-1.3.2-4.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
ba5c283112363eb7a5ba759ee19db460 2008.0/i586/audacity-1.3.3-1.1mdv2008.0.i586.rpm
07e566b52f9c14b4fb457d317ace5132 2008.0/SRPMS/audacity-1.3.3-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
b6e400b8db075cb58e1a3d739fbcd45c 2008.0/x86_64/audacity-1.3.3-1.1mdv2008.0.x86_64.rpm
07e566b52f9c14b4fb457d317ace5132 2008.0/SRPMS/audacity-1.3.3-1.1mdv2008.0.src.rpm

Corporate 3.0:
8b6718bc8dfa06a369b56d4b54506c82 corporate/3.0/i586/audacity-1.2.0-1.1.C30mdk.i586.rpm
646559674bbb1a57cb867b8122a1794d corporate/3.0/SRPMS/audacity-1.2.0-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
de7a02ceda34724803ac961ba153523b corporate/3.0/x86_64/audacity-1.2.0-1.1.C30mdk.x86_64.rpm
646559674bbb1a57cb867b8122a1794d corporate/3.0/SRPMS/audacity-1.2.0-1.1.C30mdk.src.rpm

ChangeLog

2008-03-21 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM AIX DNS Transaction ID Remote Cache Poisoning Vulnerability
	IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability
	IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability
	IBM Hardware Management Console Cross Site Scripting Vulnerabilities
	IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability
	IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities

	Microsoft Office Word Document Handling Code Execution Vulnerability
	Microsoft SQL Server Privilege Escalation Vulnerabilities (MS08-040)
	Microsoft Exchange Server Cross Site Scripting Issues (MS08-039)
	Microsoft Windows Explorer Remote Code Execution (MS08-038)
	Microsoft Windows Multiple DNS Spoofing Vulnerabilities (MS08-037)
	Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
	Microsoft Internet Explorer Frame Cross-Domain Scripting Vulnerability