Lucene search

Ubuntu.comUB:CVE-2007-6131

HistoryNov 26, 2007 - 12:00 a.m.

CVE-2007-6131

2007-11-2600:00:00

ubuntu.com

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite
arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg
temporary files.

Notes

Author	Note
jdstrand	giving medium priority because this is likely to be run as root
fujitsu	negligible as the code is commented out and in an example script

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchscanbuttond< 0.2.3-6UNKNOWN
ubuntu8.10noarchscanbuttond< 0.2.3-6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	scanbuttond	< 0.2.3-6	UNKNOWN
ubuntu	8.10	noarch	scanbuttond	< 0.2.3-6	UNKNOWN

References

bugzilla.redhat.com/show_bug.cgi?id=383131

launchpad.net/bugs/cve/CVE-2007-6131

nvd.nist.gov/vuln/detail/CVE-2007-6131

security-tracker.debian.org/tracker/CVE-2007-6131

www.cve.org/CVERecord?id=CVE-2007-6131

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for UB:CVE-2007-6131