ID CVE-2007-2056
Summary ** REJECT ** The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable."
References
Vulnerable Configurations
CVSS
Base: 5.0
Impact:
Exploitability:
Access
Vector, Complexity, Authentication
Impact
Confidentiality, Integrity, Availability
refmap via4
bid 23696
bugtraq
  • 20070427 AFFLIB(TM): Time-of-Check-Time-of-Use File Race
  • 20070428 please retract CVE-2007-2056 "Time-of-Check-Time-of-Use File Race in AFFLIB"
  • 20070429 Re: please retract CVE-2007-2056 "Time-of-Check-Time-of-Use File Race in AFFLIB"
misc http://www.vsecurity.com/bulletins/advisories/2007/afflib-toctou.txt
Last major update 11-09-2008 - 00:52
Published 30-04-2007 - 22:19
Last modified 11-09-2008 - 00:52