Back to search
CVE-2008-3699
Published: Aug 14, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
32357
third-party-advisory
x_refsource_SECUNIA
http://websvn.kde.org/?view=rev&revision=846626
x_refsource_CONFIRM
31418
third-party-advisory
x_refsource_SECUNIA
MDVSA-2008:172
vendor-advisory
x_refsource_MANDRIVA
USN-657-1
vendor-advisory
x_refsource_UBUNTU
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765
x_refsource_MISC
http://amarok.kde.org/en/releases/1/4/10
x_refsource_CONFIRM
FEDORA-2008-7739
vendor-advisory
x_refsource_FEDORA
ADV-2008-2338
vdb-entry
x_refsource_VUPEN
31663
third-party-advisory
x_refsource_SECUNIA
GLSA-200809-08
vendor-advisory
x_refsource_GENTOO
amarok-magnatunebrowser-symlink(44399)
vdb-entry
x_refsource_XF
SSA:2008-241-01
vendor-advisory
x_refsource_SLACKWARE
30662
vdb-entry
x_refsource_BID
FEDORA-2008-7719
vendor-advisory
x_refsource_FEDORA
31839
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now