Vulnerability Details : CVE-2007-6358
pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.
Products affected by CVE-2007-6358
- cpe:2.3:a:glyph_and_cog:pdftops:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6358
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-6358
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:C/A:N | 3.9 | 6.9 | NIST | |
Vendor statements for CVE-2007-6358
- Red Hat, 2007-12-18: Not vulnerable. Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 do not ship with the alternate pdftops.pl CUPS printing filter that is affected by this flaw.
References for CVE-2007-6358
- https://bugs.gentoo.org/show_bug.cgi?id=201042
  201042 – net-print/cups < 1.2.12-r4 insecure temporary file creation in pdftops (CVE-2007-6358) [Exploit]
- http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml
  CUPS: Multiple vulnerabilities (GLSA 200712-14) — Gentoo security
- http://www.ubuntu.com/usn/usn-563-1
  USN-563-1: CUPS vulnerabilities | Ubuntu security notices | Ubuntu
- http://www.debian.org/security/2007/dsa-1437
  [SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities
- http://www.cups.org/articles.php?L515
  Page Has Moved - CUPS.org
- http://www.securityfocus.com/bid/26919