ID CVE-2007-4460
Summary The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.
References
Vulnerable Configurations
  • cpe:2.3:a:id3lib:id3lib:3.8.3
CVSS
Base: 7.2 (as of 22-08-2007 - 11:16)
Impact:
Exploitability:
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_15EC9123706111DCB372001921AB2FA4.NASL
    description Debian Bug report log reports: When tagging file $foo, a temporary copy of the file is created, and for some reason, libid3 doesn't use mkstemp but just creates $foo.XXXXXX literally, without any checking. This would silently truncate and overwrite an existing $foo.XXXXXX.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 26212
    published 2007-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26212
    title FreeBSD : id3lib -- insecure temporary file creation (15ec9123-7061-11dc-b372-001921ab2fa4)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11786.NASL
    description This update fixes a bug that allows local attackers to overwrite arbitrary files. (CVE-2007-4460)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41150
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41150
    title SuSE9 Security Update : id3lib (YOU Patch Number 11786)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1365.NASL
    description Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 25965
    published 2007-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25965
    title Debian DSA-1365-3 : id3lib3.8.3 - programming error
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-180.NASL
    description A programming error was found in id3lib by Nikolaus Schulz that could lead to a denial of service through symlink attacks. Updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 26047
    published 2007-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26047
    title Mandrake Linux Security Advisory : id3lib (MDKSA-2007:180)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ID3LIB-4316.NASL
    description This update fixes a bug that allows local attackers to overwrite arbitrary files. (CVE-2007-4460)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27269
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27269
    title openSUSE 10 Security Update : id3lib (id3lib-4316)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-1774.NASL
    description This security update fixes a (minor) tempfile creation security issue (CVE-2007-4460) by using mkstemp (bugzilla 253553). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27732
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27732
    title Fedora 7 : id3lib-3.8.3-17.fc7 (2007-1774)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200709-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200709-08 (id3lib: Insecure temporary file creation). Nikolaus Schulz discovered that the function RenderV2ToFile() in file src/tag_file.cpp creates temporary files in an insecure manner. Impact: A local attacker could exploit this vulnerability via a symlink attack to overwrite arbitrary files. Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 26098
    published 2007-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26098
    title GLSA-200709-08 : id3lib: Insecure temporary file creation
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ID3LIB-4317.NASL
    description This update fixes a bug that allows local attackers to overwrite arbitrary files. (CVE-2007-4460)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29462
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29462
    title SuSE 10 Security Update : id3lib (ZYPP Patch Number 4317)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_GNOME_20130924.NASL
    description The remote Solaris system is missing necessary patches to address security updates: - The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged. (CVE-2007-4460) - poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an 'invalid memory access' in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. (CVE-2013-1788) - splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. (CVE-2013-1789) - poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. (CVE-2013-1790)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80625
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80625
    title Oracle Solaris Third-Party Patch Update : gnome (cve_2007_4460_symlink_attack)
refmap via4
bid 25372
confirm
debian DSA-1365
gentoo GLSA-200709-08
mandriva MDKSA-2007:180
sectrack 1018667
secunia
  • 26536
  • 26646
  • 26793
  • 26818
  • 26987
suse SUSE-SR:2007:019
Last major update 05-09-2008 - 17:28
Published 21-08-2007 - 17:17