CVE-2007-5718 : vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create

vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file.

Published 2007-10-30 21:46:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-5718

Vobcopy » Vobcopy » Version: 0.5.14
cpe:2.3:a:vobcopy:vobcopy:0.5.14:*:*:*:*:*:*:*
Matching versions
When used together with: Debian » Debian Linux » Version: 3.1
When used together with: Debian » Debian Linux » Version: 3.1 Alpha Edition
When used together with: Debian » Debian Linux » Version: 3.1 Amd64 Edition
When used together with: Debian » Debian Linux » Version: 3.1 ARM Edition
When used together with: Debian » Debian Linux » Version: 3.1 Hppa Edition
When used together with: Debian » Debian Linux » Version: 3.1 Ia-32 Edition
When used together with: Debian » Debian Linux » Version: 3.1 Ia-64 Edition
When used together with: Debian » Debian Linux » Version: 3.1 M68k Edition
When used together with: Debian » Debian Linux » Version: 3.1 Mips Edition
When used together with: Debian » Debian Linux » Version: 3.1 Mipsel Edition
When used together with: Debian » Debian Linux » Version: 3.1 PPC Edition
When used together with: Debian » Debian Linux » Version: 3.1 S-390 Edition
When used together with: Debian » Debian Linux » Version: 3.1 Sparc Edition
When used together with: Debian » Debian Linux » Version: 3.1 Update R1
When used together with: Debian » Debian Linux » Version: 3.2.4
When used together with: Debian » Debian Linux » Version: 4.0
When used together with: Debian » Debian Linux » Version: 4.0 Alpha Edition
When used together with: Debian » Debian Linux » Version: 4.0 Amd64 Edition
When used together with: Debian » Debian Linux » Version: 4.0 ARM Edition
When used together with: Debian » Debian Linux » Version: 4.0 Hppa Edition
When used together with: Debian » Debian Linux » Version: 4.0 Ia-32 Edition
When used together with: Debian » Debian Linux » Version: 4.0 Ia-64 Edition
When used together with: Debian » Debian Linux » Version: 4.0 M68k Edition
When used together with: Debian » Debian Linux » Version: 4.0 Mips Edition
When used together with: Debian » Debian Linux » Version: 4.0 Mipsel Edition
When used together with: Debian » Debian Linux » Version: 4.0 Powerpc Edition
When used together with: Debian » Debian Linux » Version: 4.0 S-390 Edition
When used together with: Debian » Debian Linux » Version: 4.0 Sparc Edition

Exploit prediction scoring system (EPSS) score for CVE-2007-5718

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-5718

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:C/A:N	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Complete Availability Impact: None

CWE ids for CVE-2007-5718

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-5718

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448319

#448319 - CVE-2007-5718 insecure temporary file handling - Debian Bug report logs
http://secunia.com/advisories/27420

About Secunia Research | Flexera
Vendor Advisory
http://secunia.com/advisories/29259

About Secunia Research | Flexera
http://osvdb.org/41997
http://security.gentoo.org/glsa/glsa-200803-11.xml

Vobcopy: Insecure temporary file creation (GLSA 200803-11) — Gentoo security
https://exchange.xforce.ibmcloud.com/vulnerabilities/38172

vobcopy vobcopy.bla file symlink CVE-2007-5718 Vulnerability Report
http://www.securityfocus.com/bid/26233

Jump to

Vulnerability Details : CVE-2007-5718

Products affected by CVE-2007-5718

Exploit prediction scoring system (EPSS) score for CVE-2007-5718

CVSS scores for CVE-2007-5718

CWE ids for CVE-2007-5718

References for CVE-2007-5718