2 matches found
Scientific Linux Security Update : coolkey on SL5.x i386/x86_64
Steve Grubb discovered a flaw in the way coolkey created a temporary directory. A local attacker could perform a symlink attack and cause arbitrary files to be overwritten. CVE-2007-4129 In addition, the updated packages contain fixes for the following bugs in the CAC Smart Card support : - CAC...
CVE-2007-4129
CVE-2007-4129 affects CoolKey 1.1.0, where a local attacker can exploit a symlink in /tmp/.pk11ipc1/ to overwrite arbitrary files. This is a local impact vulnerability with the root cause in how temporary folders are created. Public sources confirm the issue and reference vendor advisories and pa...