CVE-2007-4631

2007-08-3122:17:00

Debian Security Bug Tracker

security-tracker.debian.org

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.

OSVersionArchitecturePackageVersionFilename
Debian12allqgit< 1.5.5-1.1qgit_1.5.5-1.1_all.deb
Debian11allqgit< 1.5.5-1.1qgit_1.5.5-1.1_all.deb
Debian10allqgit< 1.5.5-1.1qgit_1.5.5-1.1_all.deb
Debian999allqgit< 1.5.5-1.1qgit_1.5.5-1.1_all.deb
Debian13allqgit< 1.5.5-1.1qgit_1.5.5-1.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	qgit	< 1.5.5-1.1	qgit_1.5.5-1.1_all.deb
Debian	11	all	qgit	< 1.5.5-1.1	qgit_1.5.5-1.1_all.deb
Debian	10	all	qgit	< 1.5.5-1.1	qgit_1.5.5-1.1_all.deb
Debian	999	all	qgit	< 1.5.5-1.1	qgit_1.5.5-1.1_all.deb
Debian	13	all	qgit	< 1.5.5-1.1	qgit_1.5.5-1.1_all.deb