CVE-2007-0237 : The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite ar

The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Published 2007-03-19 19:19:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-0237

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

http://secunia.com/advisories/24590

About Secunia Research | Flexera
Patch;Vendor Advisory
http://secunia.com/advisories/24377

About Secunia Research | Flexera
Vendor Advisory
http://www.securityfocus.com/bid/23026
http://bugs.gentoo.org/show_bug.cgi?id=197306

197306 – (CVE-2007-0237) app-emacs/lookup insecure temp file creation (CVE-2007-0237)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33052

lookup ndeb-binary symlink CVE-2007-0237 Vulnerability Report
http://security.gentoo.org/glsa/glsa-200712-07.xml

Lookup: Insecure temporary file creation (GLSA 200712-07) — Gentoo security
http://www.securitytracker.com/id?1017792

Access Denied
http://osvdb.org/34263
http://secunia.com/advisories/28023

About Secunia Research | Flexera
http://www.debian.org/security/2007/dsa-1269

[SECURITY] [DSA 1269-1] New lookup-el packages fix insecure temporary file
Patch;Vendor Advisory

Jump to