CVE Vulnerability

CVE-2007-0476

The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.

4.6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://security.gentoo.org/glsa/glsa-200701-19.xml
http://secunia.com/advisories/23881 Vendor Advisory
http://www.securityfocus.com/bid/22195
http://osvdb.org/31617
http://www.vupen.com/english/advisories/2007/0305
Configurations

Configuration 1

cpe:2.3:o:gentoo:linux:2.1.30:r9:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:2.3.30:r2:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:2.2.28:r7:*:*:*:*:*:*
Information

Published : 2007-01-25 12:28

Updated : 2011-03-08 02:49

NVD link : CVE-2007-0476

Mitre link : CVE-2007-0476

Products Affected
No products.
CWE
NVD-CWE-Other