CVE-2007-6209 — Insecure Temporary File in ZSH

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 78.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 4

Latest updateMay 1

Description

Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

▶debiandebian/zsh< zsh 4.3.4-dev-3-2 (bookworm)

▶Debianzsh/zsh< 4.3.4-dev-3-2+3

▶NVDzsh/zsh4.3.4

GHSA

GHSA-jvq3-qvh3-fg4x: Util/difflog↗2022-05-01

▶

OSV

CVE-2007-6209: Util/difflog↗2007-12-04

▶

Red Hat

zsh insecure /tmp file usage↗2007-12-02

▶

Debian

CVE-2007-6209: zsh - Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via...↗2007

▶

Bugzilla

CVE-2007-6209 zsh insecure /tmp file usage↗2007-12-04

▶