Symlink Vulnerability in OpenLDAP by Gentoo
CVE-2007-0476

Currently unrated

Key Information:

Vendor: Gentoo
Status: Linux
Vendor: CVE Published:; 25 January 2007

What is CVE-2007-0476?

The gencert.sh script used for installing OpenLDAP on Gentoo Linux fails to securely create temporary directories in /tmp prior to specific versions. This oversight allows local users to perform symlink attacks, leading to the potential overwriting of arbitrary files, thereby compromising system integrity. Users are advised to upgrade to the latest versions to mitigate this risk.

References

http://www.vupen.com/english/advisories/2007/0305

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/23881

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/22195

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2007
Vulnerability Reserved
Jan 24, 2007