Lucene search

PRIOn knowledge basePRION:CVE-2007-6358

HistoryDec 15, 2007 - 1:46 a.m.

Code injection

2007-12-1501:46:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.

CPENameOperatorVersion
pdftopseq<= 1.1.19rc1

CPE	Name	Operator	Version
	pdftops	eq	<= 1.1.19rc1

References

osvdb.org/42029

secunia.com/advisories/28113

secunia.com/advisories/28139

secunia.com/advisories/28200

secunia.com/advisories/28386

www.cups.org/articles.php?L515

www.debian.org/security/2007/dsa-1437

www.gentoo.org/security/en/glsa/glsa-200712-14.xml

www.securityfocus.com/bid/26919

www.ubuntu.com/usn/usn-563-1

bugs.gentoo.org/show_bug.cgi?id=201042

6.3 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2007-6358