CVE-2007-1057

🗓️ 21 Feb 2007 23:00:00Reported by mitreType

The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, allowing local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2007-1057	21 Feb 200723:00	–	cvelist
EUVD	EUVD-2007-1054	7 Oct 202500:30	–	euvd
NVD	CVE-2007-1057	21 Feb 200723:28	–	nvd
Prion	Race condition	21 Feb 200723:28	–	prion
securityvulns	Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)	16 Feb 200700:00	–	securityvulns
securityvulns	Nortel NetDirect client for Linux weak permissions	23 Feb 200700:00	–	securityvulns

NVD

Node

nortel alteon_2424_application_switchMatch23.2

AND

nortel ssl_vpn_module_1000

nortel vpn_gateway_3070

AND

nortel net_direct_clientRange≤6.0.4linux

Source	Link
osvdb	www.osvdb.org/33304
vupen	www.vupen.com/english/advisories/2007/0671
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/32597
www116	www.www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021886-01.pdf
securitytracker	www.securitytracker.com/id
exploit-db	www.exploit-db.com/exploits/3356
securityfocus	www.securityfocus.com/bid/22632
secunia	www.secunia.com/advisories/24231
spoofed	www.spoofed.org/blog/archive/2007/02/nortel_vpn_unix_client_local_root_compromise.html
www130	www.www130.nortelnetworks.com/go/main.jsp

23 Apr 2026 00:35Current

7.2High risk

Vulners AI Score7.2

CVSS 26.9

EPSS0.00226