Lucene search

[email protected]CVE-2007-5207

HistoryOct 04, 2007 - 9:17 p.m.

CVE-2007-5207

2007-10-0421:17:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2007-5207

guilt 0.27

local users

symlink attack

security vulnerability

6.5 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.

CPENameOperatorVersion
debian:guiltdebian guilteq0.27

CPE	Name	Operator	Version
debian:guilt	debian guilt	eq	0.27

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=445308

osvdb.org/41534

secunia.com/advisories/27076

www.securityfocus.com/bid/25941

exchange.xforce.ibmcloud.com/vulnerabilities/36970

6.5 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2007-5207

cvelist1 prion1 debiancve1 ubuntucve1