CVE-2007-5200 : hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.

hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.

Published 2007-10-14 18:17:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-5200

Opensuse » Opensuse » Version: 10.3
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 10.2
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-5200

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-5200

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.3	LOW	AV:L/AC:M/Au:N/C:N/I:P/A:P	3.4	4.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2007-5200

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-5200

https://bugzilla.redhat.com/show_bug.cgi?id=362851

362851 – CVE-2007-5200 hugin unsafe temporary file usage [F7]
http://secunia.com/advisories/27952

About Secunia Research | Flexera
Vendor Advisory
http://secunia.com/advisories/27623

About Secunia Research | Flexera
Vendor Advisory
http://www.securityfocus.com/bid/26730
http://secunia.com/advisories/27653

About Secunia Research | Flexera
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html

[SECURITY] Fedora 7 Update: hugin-0.6.1-11.fc7
http://security.gentoo.org/glsa/glsa-200712-01.xml

Hugin: Insecure temporary file creation (GLSA 200712-01) — Gentoo security
https://bugzilla.redhat.com/show_bug.cgi?id=332401

332401 – (CVE-2007-5200) CVE-2007-5200 hugin unsafe temporary file usage
http://secunia.com/advisories/27229

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2007_20_sr.html

404 Page Not Found | SUSE

CVEs referencing this url
http://osvdb.org/42224

Jump to

Vulnerability Details : CVE-2007-5200

Products affected by CVE-2007-5200

Exploit prediction scoring system (EPSS) score for CVE-2007-5200

CVSS scores for CVE-2007-5200

CWE ids for CVE-2007-5200

References for CVE-2007-5200