C* music player: Insecure temporary file usage
Gentoo Linux Security Advisory
||GLSA 200909-08 / cmus
||September 09, 2009
||September 09, 2009: 01
All supported architectures
An insecure temporary file usage has been reported in the C* music player,
allowing for symlink attacks.
The C* Music Player (cmus) is a modular and very configurable
ncurses-based audio player.
Dmitry E. Oboukhov reported that cmus-status-display does not handle
the "/tmp/cmus-status" temporary file securely.
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.
There is no known workaround at this time.
All C* music player users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/cmus-2.2.0-r1"