Bug 105588

Summary: VUL-0: kaudiocreator allows to overwrite arbitrary files
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Dirk Mueller <dmueller>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: aj, security-team
Version: Beta 2   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: patchinfos submitted
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Dirk Mueller 2005-08-18 15:30:27 UTC 
There's a bug in kaudiocreator that allows to overwrite arbitrary files with 
audio content if CDDB lookup is used (by default) and the CDDB entry contains 
a title similiar to "/../../somefile" 
 
Although this smells like shell command injection, its not. the file names are 
properly quoted, except that it forgets to filter '/'.  
 
is this something that is worth patching? Bug is in all KDE 3.x releases
Comment 1 Dirk Mueller 2005-08-18 15:31:20 UTC 
forgot to mention that this came via KDE security, but we believe its not 
worth an advisory, we're however going to patch older revisions (current 
development is already fixed for several months) anyway.
Comment 2 Thomas Biege 2005-08-19 07:50:17 UTC 
I tend to vote for updating older version too because this bug can be used for
attacking a wide range of users easily.
Comment 3 Sebastian Krahmer 2005-09-05 11:14:19 UTC 
ping
Comment 4 Dirk Mueller 2005-09-05 11:18:58 UTC 
ok, so you want an update? looking
Comment 5 Dirk Mueller 2005-09-05 11:28:17 UTC 
do we treat it as security problem? I want to know who is writing the 
patchinfo..
Comment 6 Thomas Biege 2005-09-05 11:54:24 UTC 
Yes let's tag is "security".
Comment 7 Thomas Biege 2005-09-05 12:15:55 UTC 
Let me know if you are done submitting the packages I'll do the rest
Comment 8 Dirk Mueller 2005-09-05 13:32:16 UTC 
stable and 9.3 submitted, 9.2 is currently under test. this bug is KDE >= 
3.3.2 only so no other version (sles or similiar) is affected.
Comment 9 Thomas Biege 2005-09-05 14:09:35 UTC 
Maintenance-Tracker-2216
Comment 10 Dirk Mueller 2005-09-05 21:38:17 UTC 
9.2, 9.3 and stable submitted. needs update on x86/x86_64
Comment 11 Thomas Biege 2005-09-06 07:05:54 UTC 
Thanks.

/work/src/done/PATCHINFO/patchinfo-box.kmulmi
Comment 12 Thomas Biege 2005-09-08 10:45:38 UTC 
approved