ID CVE-2007-2030
Summary lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
References
Vulnerable Configurations
  • Red Hat Enterprise Linux 2.1
    cpe:2.3:o:redhat:enterprise_linux:2.1
  • Red Hat Enterprise Linux 3.0
    cpe:2.3:o:redhat:enterprise_linux:3.0
  • Red Hat Enterprise Linux 4.0
    cpe:2.3:o:redhat:enterprise_linux:4.0
  • cpe:2.3:o:redhat:fedora_core:core_5.0
    cpe:2.3:o:redhat:fedora_core:core_5.0
CVSS
Base: 4.9 (as of 17-04-2007 - 14:04)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
nessus via4
NASL family Mandriva Local Security Checks
NASL id MANDRAKE_MDKSA-2007-117.NASL
description lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. Updated packages have been patched to prevent this issue.
last seen 2019-02-21
modified 2018-07-19
plugin id 25441
published 2007-06-07
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=25441
title Mandrake Linux Security Advisory : lha (MDKSA-2007:117)
refmap via4
bid 24336
confirm https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236585
mandriva MDKSA-2007:117
osvdb 37049
secunia 25519
xf lha-lharc-symlink(34063)
statements via4
contributor Joshua Bressers
lastmodified 2007-04-18
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236585 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 13-11-2008 - 01:37
Published 16-04-2007 - 16:19
Last modified 28-07-2017 - 21:31
Back to Top