Symlink Vulnerability in Ampache Music Streaming Application
CVE-2008-3929

Currently unrated

Key Information:

Vendor: Ampache
Status: Ampache
Vendor: CVE Published:; 4 September 2008

What is CVE-2008-3929?

The music streaming application, Ampache version 3.4.1, contains a vulnerability in the 'gather-messages.sh' script that allows local users to exploit symlink attacks. By manipulating the '/tmp/filelist' temporary file, an attacker can overwrite arbitrary files on the system, potentially compromising sensitive data and interrupting the application's functionality. It is crucial for users to be aware of this issue and apply the necessary mitigations to safeguard their installations.

References

http://security.gentoo.org/glsa/glsa-200812-22.xml

vendor-advisoryx_refsource_GENTOO

http://www.openwall.com/lists/oss-security/2008/10/30/2

mailing-listx_refsource_MLIST

http://dev.gentoo.org/~rbu/security/debiantemp/ampache

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2008
Vulnerability Reserved
Sep 4, 2008