CVE-2007-4998

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/43228
https://bugzilla.redhat.com/show_bug.cgi?id=356471
https://issues.rpath.com/browse/RPL-2023

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-01-31 21:00

Updated : 2008-11-15 06:59

NVD link : CVE-2007-4998

Mitre link : CVE-2007-4998

CVE.ORG link : CVE-2007-4998

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2007-4998", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-01-31T21:00:00.000", "references": [{"url": "http://osvdb.org/43228", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=356471", "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-2023", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination."}, {"lang": "es", "value": "El comando cp, cuando se ejecuta con una opci\u00f3n para preservar enlaces simb\u00f3licos en m\u00faltiples sistemas operativos, permite a atacantes locales ayudados por usuarios sobrescribir archivos de su elecci\u00f3n a trav\u00e9s de un ataque de enlaces simb\u00f3licos utilizando directorios manipulados que contienen m\u00faltiples archivos fuente que se copian al mismo destino"}], "lastModified": "2008-11-15T06:59:20.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}], "operator": "OR"}]}], "vendorComments": [{"comment": "This issue affects the busybox package in Red Hat Enterprise Linux 2.1, 3, 4, and 5,\n\nThis issue affects the fileutils package in Red Hat Enterprise Linux 2.1.\n\nThis issue affects the coreutils package in Red Hat Enterprise Linux 3.\n\nThe coreutils package in Red Hat Enterprise Linux 4 and 5 are not vulnerable to this issue.\n\nGiven this issue has minimal risk we do not intend to issues updates to correct this issue in affected versions of Red Hat Enterprise Linux.\n\nFor more information please see:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=356471", "lastModified": "2008-02-12T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "secalert@redhat.com"}