Vulnerability Name:

CVE-2007-3921 (CCN-38329)

Assigned:2007-11-07
Published:2007-11-07
Updated:2017-07-29
Summary:gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.
CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:3.3 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-59
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-2007-3921

Source: OSVDB
Type: UNKNOWN
42117

Source: SECUNIA
Type: UNKNOWN
27549

Source: CCN
Type: SA27586
GForge Insecure Temporary Files

Source: SECUNIA
Type: UNKNOWN
27586

Source: DEBIAN
Type: UNKNOWN
DSA-1402

Source: DEBIAN
Type: DSA-1402-1
gforge -- insecure temporary files

Source: DEBIAN
Type: DSA-1402
gforge -- insecure temporary files

Source: CCN
Type: OSVDB ID: 42117
GForge Symlink Arbitrary File Truncation

Source: BID
Type: UNKNOWN
26373

Source: CCN
Type: BID-26373
GForge Insecure Temporary File Creation Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-3773

Source: XF
Type: UNKNOWN
gforge-files-symlink(38329)

Source: XF
Type: UNKNOWN
gforge-files-symlink(38329)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gforge:gforge:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:gforge:gforge:4.5.14:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gforge:gforge:4.5.14:*:*:*:*:*:*:*
  • OR cpe:/a:gforge:gforge:3.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:18639
    P
    		DSA-1402-1 gforge - insecure temporary files
    2014-06-23
    oval:org.debian:def:1402
    V
    		insecure temporary files
    2007-11-07
    BACK
    gforge gforge 3.1
    gforge gforge 4.5.14
    gforge gforge 4.5.14
    gforge gforge 3.1
    debian debian linux 3.1
    debian debian linux 4.0