Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2007-4460HistoryAug 21, 2007 - 9:17 p.m.
CVE-2007-4460
2007-08-2121:17:00
Debian Security Bug Tracker
security-tracker.debian.org
8
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
10.3%
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | id3lib3.8.3 | < 3.8.3-7 | id3lib3.8.3_3.8.3-7_all.deb |
| Debian | 11 | all | id3lib3.8.3 | < 3.8.3-7 | id3lib3.8.3_3.8.3-7_all.deb |
| Debian | 999 | all | id3lib3.8.3 | < 3.8.3-7 | id3lib3.8.3_3.8.3-7_all.deb |
| Debian | 13 | all | id3lib3.8.3 | < 3.8.3-7 | id3lib3.8.3_3.8.3-7_all.deb |
Related
nessus
nessus
FreeBSD : id3lib -- insecure temporary file creation (15ec9123-7061-11dc-b372-001921ab2fa4)
2007-10-03 00:00:00
openSUSE 10 Security Update : id3lib (id3lib-4316)
2007-10-17 00:00:00
SuSE9 Security Update : id3lib (YOU Patch Number 11786)
2009-09-24 00:00:00
gentoo
gentoo
id3lib: Insecure temporary file creation
2007-09-15 00:00:00
securityvulns
securityvulns
id3lib symbolic links security vulnerability
2007-09-11 00:00:00
[SECURITY] [DSA 1365-1] New id3lib3.8.3 packages fix denial of service
2007-09-11 00:00:00
cvelist
cvelist
CVE-2007-4460
2007-08-21 21:00:00
nvd
nvd
CVE-2007-4460
2007-08-21 21:17:00
openvas
openvas
Debian Security Advisory DSA 1365-3 (id3lib3.8.3)
2008-01-17 00:00:00
Fedora Update for id3lib FEDORA-2007-1774
2009-02-27 00:00:00
SLES10: Security update for id3lib
2009-10-13 00:00:00
debian
debian
[SECURITY] [DSA 1365-1] New id3lib3.8.3 packages fix denial of service
2007-09-01 11:48:26
[SECURITY] [DSA 1365-3] New id3lib3.8.3 packages fix denial of service
2007-10-02 08:47:49
[SECURITY] [DSA 1365-2] New id3lib3.8.3 packages fix denial of service
2007-09-09 21:28:34
fedora
fedora
[SECURITY] Fedora 7 Update: id3lib-3.8.3-17.fc7
2007-08-24 05:40:57
ubuntucve
ubuntucve
CVE-2007-4460
2007-08-21 00:00:00
cve
cve
CVE-2007-4460
2007-08-21 21:17:00
freebsd
freebsd
id3lib -- insecure temporary file creation
2007-08-20 00:00:00
prion
prion
Design/Logic Flaw
2007-08-21 21:17:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
10.3%
Related for DEBIANCVE:CVE-2007-4460