Lucene search

[email protected]CVE-2007-4631

HistoryAug 31, 2007 - 10:17 p.m.

CVE-2007-4631

2007-08-3122:17:00

CWE-59

[email protected]

web.nvd.nist.gov

qgit

security vulnerability

symlink attack

code execution

file overwrite

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.

Affected configurations

NVD

Node

qgitqgitMatch1.5.6_2pre1

CPENameOperatorVersion
qgit:qgitqgiteq1.5.6_2pre1

CPE	Name	Operator	Version
qgit:qgit	qgit	eq	1.5.6_2pre1

References

bugs.gentoo.org/show_bug.cgi?id=190697

fedoranews.org/updates/FEDORA-2007-210.shtml

secunia.com/advisories/26738

secunia.com/advisories/26745

secunia.com/advisories/27098

security.gentoo.org/glsa/glsa-200710-05.xml

sourceforge.net/project/shownotes.php?release_id=538002

sourceforge.net/project/shownotes.php?release_id=538002&group_id=139897

www.securityfocus.com/bid/25618

www.vupen.com/english/advisories/2007/3107

bugzilla.redhat.com/show_bug.cgi?id=268381

exchange.xforce.ibmcloud.com/vulnerabilities/36503

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-4631

fedora1 ubuntucve1 nessus2 gentoo1 openvas4 debiancve1 prion1 nvd1 securityvulns2 cvelist1