CVE-2007-0476 : The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before

The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.

Published 2007-01-25 00:28:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-0476

Gentoo » Linux » Version: 2.2.28 Update R7
cpe:2.3:o:gentoo:linux:2.2.28:r7:*:*:*:*:*:*
Matching versions
Gentoo » Linux » Version: 2.3.30 Update R2
cpe:2.3:o:gentoo:linux:2.3.30:r2:*:*:*:*:*:*
Matching versions
Gentoo » Linux » Version: 2.1.30 Update R9
cpe:2.3:o:gentoo:linux:2.1.30:r9:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-0476

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 17 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-0476

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2007-0476

Jump to

Vulnerability Details : CVE-2007-0476

Products affected by CVE-2007-0476

Exploit prediction scoring system (EPSS) score for CVE-2007-0476

CVSS scores for CVE-2007-0476

References for CVE-2007-0476