id3lib: Insecure temporary file creation — GLSA 200709-08

A vulnerability has been discovered in id3lib allowing local users to overwrite arbitrary files via a symlink attack.

Affected packages

media-libs/id3lib on all architectures
Affected versions < 3.8.3-r6
Unaffected versions >= 3.8.3-r6

Background

id3lib is an open-source, cross-platform software development library for reading, writing, and manipulating ID3v1 and ID3v2 tags.

Description

Nikolaus Schulz discovered that the function RenderV2ToFile() in file src/tag_file.cpp creates temporary files in an insecure manner.

Impact

A local attacker could exploit this vulnerability via a symlink attack to overwrite arbitrary files.

Workaround

There is no known workaround at this time.

Resolution

All id3lib users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/id3lib-3.8.3-r6"

References

Release date
September 15, 2007

Latest revision
September 15, 2007: 01

Severity
normal

Exploitable
local

Bugzilla entries