C* music player: Insecure temporary file usage — GLSA 200909-08

An insecure temporary file usage has been reported in the C* music player, allowing for symlink attacks.

Affected Packages

media-sound/cmus on all architectures
Affected versions < 2.2.0-r1
Unaffected versions >= 2.2.0-r1

Background

The C* Music Player (cmus) is a modular and very configurable ncurses-based audio player.

Description

Dmitry E. Oboukhov reported that cmus-status-display does not handle the "/tmp/cmus-status" temporary file securely.

Impact

A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All C* music player users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-sound/cmus-2.2.0-r1"

References

Release Date
September 09, 2009

Latest Revision
September 09, 2009: 01

Severity
normal

Exploitable
local

Bugzilla entries