FS#8203 : Security bug in id3lib

FS#8203 - Security bug in id3lib

Attached to Project: Arch Linux
Opened by Hussam Al-Tayeb (hussam) - Tuesday, 02 October 2007, 21:39 GMT
Last edited by Andreas Radke (AndyRTR) - Thursday, 04 October 2007, 16:18 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Andreas Radke (AndyRTR)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version	2007.08.1
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary:
"The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged. "

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4460

This task depends upon

Closed by Andreas Radke (AndyRTR)
Thursday, 04 October 2007, 16:18 GMT
Reason for closing: Fixed
Additional comments about closing: patch applied

Comment by Hussam Al-Tayeb (hussam) - Tuesday, 02 October 2007, 21:40 GMT

Attached fix

id3lib-3.8.3-CVE-2007-4460.pa... (1.4 KiB)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#8203 - Security bug in id3lib

Details

Loading...