CVE-2008-3699
First published: Thu Aug 14 2008(Updated: )
The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gitolite | =1.4.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765
- http://amarok.kde.org/en/releases/1/4/10
- http://websvn.kde.org/?view=rev&revision=846626
- http://secunia.com/advisories/31418
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.455790
- http://secunia.com/advisories/31663
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:172
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00097.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00057.html
- http://secunia.com/advisories/31839
- http://security.gentoo.org/glsa/glsa-200809-08.xml
- http://www.ubuntu.com/usn/usn-657-1
- http://www.securityfocus.com/bid/30662
- http://secunia.com/advisories/32357
- http://www.vupen.com/english/advisories/2008/2338
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44399
Frequently Asked Questions
What is the severity of CVE-2008-3699?
CVE-2008-3699 is classified as a moderate severity vulnerability due to its potential for local users to exploit file overwrite capabilities.
How do I fix CVE-2008-3699?
To fix CVE-2008-3699, upgrade to Amarok version 1.4.10 or later which includes the necessary patches.
What type of attack does CVE-2008-3699 involve?
CVE-2008-3699 involves a symlink attack that allows local users to overwrite arbitrary files.
Which versions of Amarok are affected by CVE-2008-3699?
Amarok versions prior to 1.4.10, specifically including version 1.4.9.1, are affected by CVE-2008-3699.
Can remote attackers exploit CVE-2008-3699?
No, CVE-2008-3699 can only be exploited by local users on the affected system.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/amarok
- canonical/gitolite
- version/gitolite/1.4.9.1