Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2007-2027HistoryApr 13, 2007 - 6:19 p.m.
CVE-2007-2027
2007-04-1318:19:00
Debian Security Bug Tracker
security-tracker.debian.org
10
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
25.7%
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a “…/po” directory, which can be leveraged to conduct format string attacks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | elinks | < 0.11.1-1.4 | elinks_0.11.1-1.4_all.deb |
| Debian | 11 | all | elinks | < 0.11.1-1.4 | elinks_0.11.1-1.4_all.deb |
| Debian | 999 | all | elinks | < 0.11.1-1.4 | elinks_0.11.1-1.4_all.deb |
| Debian | 13 | all | elinks | < 0.11.1-1.4 | elinks_0.11.1-1.4_all.deb |
Related
openvas
openvas
Ubuntu: Security Advisory (USN-457-1)
2009-03-23 00:00:00
Ubuntu Update for elinks vulnerability USN-457-1
2009-03-23 00:00:00
Gentoo Security Advisory GLSA 200706-03 (elinks)
2008-09-24 00:00:00
gentoo
gentoo
ELinks: User-assisted execution of arbitrary code
2007-06-06 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:39:10
cve
cve
CVE-2007-2027
2007-04-13 18:19:00
ubuntu
ubuntu
elinks vulnerability
2007-05-07 00:00:00
ubuntucve
ubuntucve
CVE-2007-2027
2007-04-13 00:00:00
prion
prion
Format string
2007-04-13 18:19:00
cvelist
cvelist
CVE-2007-2027
2007-04-13 18:00:00
nessus
nessus
Ubuntu 6.06 LTS / 6.10 / 7.04 : elinks vulnerability (USN-457-1)
2007-11-10 00:00:00
GLSA-200706-03 : ELinks: User-assisted execution of arbitrary code
2007-06-07 00:00:00
Scientific Linux Security Update : elinks on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
securityvulns
securityvulns
elinks format string vulnerability
2007-04-16 00:00:00
nvd
nvd
CVE-2007-2027
2007-04-13 18:19:00
oraclelinux
oraclelinux
elinks security update
2009-10-01 00:00:00
redhat
redhat
(RHSA-2009:1471) Important: elinks security update
2009-10-01 00:00:00
centos
centos
elinks security update
2009-10-06 11:12:59
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
25.7%
Related for DEBIANCVE:CVE-2007-2027