CVE-2007-0476

4 documents4 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 78.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gentoo Linux

Timeline

PublishedJan 25

Latest updateMay 1

Description

The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDgentoo/linux2.1.30, 2.2.28, 2.3.30+2

🔴Vulnerability Details

GHSA

GHSA-ghpq-6gcw-8x6r: The gencert↗2022-05-01

▶

CVEList

CVE-2007-0476: The gencert↗2007-01-25

▶

💥Exploits & PoCs

Exploit-DB

Winamp 5.12 - '.pls' Remote Buffer Overflow (Perl) (2)↗2007-03-07

▶