CVE-2007-6061

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 21-11-2007 12:46

Last modified: - 07-02-2022 08:43

Total changes: - 2

Description

Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

vendor=audacityteam AND product=audacity AND version=1.3.2

Reference

http://bugs.gentoo.org/show_bug.cgi?id=199751
26608-Broken Link, Third Party Advisory, VDB Entry
27841-Broken Link
GLSA-200803-03-Third Party Advisory
29206-Broken Link
MDVSA-2008:074-Broken Link
FEDORA-2008-3456-Third Party Advisory
FEDORA-2008-3511-Third Party Advisory
30191-Broken Link
ADV-2007-4025-Broken Link

Keywords

CVE-2007-6061

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2007-6061

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures