Lucene search

[email protected]CVE-2007-5495

HistoryMay 23, 2008 - 3:32 p.m.

CVE-2007-5495

2008-05-2315:32:00

CWE-59

[email protected]

web.nvd.nist.gov

sealert

setroubleshoot

symlink attack

cve-2007-5495

nvd

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch5.0server

redhatenterprise_linux_desktopMatch5client

AND

selinuxsetroubleshootMatch2.0.5

CPENameOperatorVersion
selinux:setroubleshootselinux setroubleshooteq2.0.5

CPE	Name	Operator	Version
selinux:setroubleshoot	selinux setroubleshoot	eq	2.0.5

References

secunia.com/advisories/30339

securitytracker.com/id?1020077

www.redhat.com/support/errata/RHSA-2008-0061.html

www.securityfocus.com/bid/29320

bugzilla.redhat.com/show_bug.cgi?id=288221

exchange.xforce.ibmcloud.com/vulnerabilities/42591

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9705

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-5495

cvelist1 nvd1 veracode1 prion1 openvas3 nessus3 oraclelinux1 redhat1