Lucene search
MitreCVE-2007-0476HistoryJan 25, 2007 - 12:28 a.m.
CVE-2007-0476
2007-01-2500:28:00
mitre
web.nvd.nist.gov
30
cve-2007-0476
openldap
symlink attack
gentoo linux
security vulnerability
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0
Percentile
5.1%
The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.
Affected configurations
Node
gentoolinuxMatch2.1.30r9
ORgentoolinuxMatch2.2.28r7
ORgentoolinuxMatch2.3.30r2
Related
openvas
openvas
Gentoo Security Advisory GLSA 200701-19 (openldap)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200701-19 (openldap)
2008-09-24 00:00:00
securityvulns
securityvulns
OpenLDAP installation symbolic links vulnerability
2007-01-24 00:00:00
prion
prion
Design/Logic Flaw
2007-01-25 00:28:00
nvd
nvd
CVE-2007-0476
2007-01-25 00:28:00
gentoo
gentoo
OpenLDAP: Insecure usage of /tmp during installation
2007-01-23 00:00:00
nessus
nessus
GLSA-200701-19 : OpenLDAP: Insecure usage of /tmp during installation
2007-01-26 00:00:00
cvelist
cvelist
CVE-2007-0476
2007-01-25 00:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2007-0476