Insecure temporary file usage has been reported in the C* Music Player, allowing symlink attacks.
| Package | media-sound/cmus on all architectures |
| Affected versions | < 2.2.0-r1 |
| Unaffected versions | >= 2.2.0-r1 |
The C* Music Player (cmus) is a modular and very configurable ncurses-based audio player.
Dmitry E. Oboukhov reported that cmus-status-display does not handle the "/tmp/cmus-status" temporary file securely.
A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.
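The bug class described above, as an added shell illustration that is not taken from cmus or from the Gentoo fix: a write to a fixed name in a shared directory beside a hardened write. The function names and the sandbox directory standing in for /tmp are assumptions.

```shell
#!/bin/sh
# Added illustration; function names and the sandbox layout are assumptions,
# and this is not the cmus-status-display script itself.

# Pattern the advisory describes: a fixed name in a shared directory.
# ">" opens the path with symlinks followed, so a link planted at that
# name redirects the write to whatever file the link points at.
write_status_insecure() {   # $1 = shared dir (stands in for /tmp), $2 = text
    printf '%s\n' "$2" > "$1/cmus-status"
}

# Hardened form: private directory, unpredictable temporary name, then an
# atomic rename, which replaces a link to a file at the destination
# instead of writing through it.
write_status_safe() {       # $1 = per-user dir, $2 = text
    ( umask 077 && mkdir -p "$1" ) || return 1
    # Refuse a directory path that is itself a symlink.
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    tmp=$(mktemp "$1/cmus-status.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$1/cmus-status"
}

# Self-check in a throwaway sandbox: plant a link at the status path and
# print the contents of the file it points at after the chosen write.
demo() {                    # $1 = "insecure" or "safe"
    box=$(mktemp -d) || return 1
    mkdir "$box/dir" && printf 'original\n' > "$box/target" || return 1
    ln -s "$box/target" "$box/dir/cmus-status"
    "write_status_$1" "$box/dir" "playing: constructed sample"
    cat "$box/target"
    rm -rf "$box"
}
```

`demo insecure` prints the status text, because the linked file was overwritten; `demo safe` prints `original`, because the rename replaced the link and left the linked file alone.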
There is no known workaround at this time.
All C* music player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/cmus-2.2.0-r1"
September 09, 2009
September 09, 2009: 01