ID |
CVE-2007-2056
|
Summary |
** REJECT ** The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable." |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.0 |
Impact: | |
Exploitability: | |
|
Access |
Vector | Complexity | Authentication |
|
|
|
|
Impact |
Confidentiality | Integrity | Availability |
|
|
|
|
refmap
via4
|
|
Last major update |
11-09-2008 - 00:52 |
Published |
30-04-2007 - 22:19 |
Last modified |
11-09-2008 - 00:52 |