Vulnerability Name:

CVE-2007-4460 (CCN-36371)

Assigned:2007-08-17
Published:2007-08-17
Updated:2008-09-05
Summary:The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.2 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
2.3 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: Debian Bug report logs - #438540
libid3-3.8.3c2a: creates insecure temporary files

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438540

Source: MITRE
Type: CNA
CVE-2007-4460

Source: CCN
Type: Fedora Project Web site
Fedora Project

Source: CCN
Type: id3lib Web site
id3lib - The ID3v1/ID3v2 Tagging Library

Source: CCN
Type: SA26536
id3lib Insecure Temporary File Privilege Escalation

Source: SECUNIA
Type: Vendor Advisory
26536

Source: SECUNIA
Type: UNKNOWN
26646

Source: SECUNIA
Type: UNKNOWN
26793

Source: SECUNIA
Type: UNKNOWN
26818

Source: SECUNIA
Type: UNKNOWN
26987

Source: GENTOO
Type: UNKNOWN
GLSA-200709-08

Source: CCN
Type: SECTRACK ID: 1018667
id3lib Symlink Bug May Let Local Users Gain Elevated Privileges

Source: DEBIAN
Type: UNKNOWN
DSA-1365

Source: DEBIAN
Type: DSA-1365
id3lib3.8.3 -- programming error

Source: CCN
Type: GLSA-200709-08
id3lib: Insecure temporary file creation

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:180

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:019

Source: CCN
Type: OSVDB ID: 39631
id3lib (aka libid3) tag_file.cpp RenderV2ToFile Function Symlink Arbitrary File Overwrite

Source: BID
Type: Exploit
25372

Source: CCN
Type: BID-25372
id3lib Insecure Temporary File Creation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018667

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253553

Source: CCN
Type: Red Hat Bugzilla Bug 253553
CVE-2007-4460 id3lib doesn't use mkstemp() to create a name of a temporary file

Source: XF
Type: UNKNOWN
id3lib-renderv2tofile-symlink(36371)

Source: SUSE
Type: SUSE-SR:2007:019
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:id3lib:id3lib:3.8.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20074460
    V
    		CVE-2007-4460
    2022-09-02
    oval:org.opensuse.security:def:112431
    P
    		id3lib-3.8.3-266.5 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:11244
    P
    		Security update for prosody (Important)
    2022-01-14
    oval:org.opensuse.security:def:10196
    P
    		Security update for net-snmp (Important)
    2021-12-27
    oval:org.opensuse.security:def:9829
    P
    		Security update for python3 (Moderate)
    2021-12-23
    oval:org.opensuse.security:def:10433
    P
    		Security update for go1.16 (Moderate)
    2021-12-23
    oval:org.opensuse.security:def:10386
    P
    		Security update for p11-kit (Important)
    2021-12-22
    oval:org.opensuse.security:def:9123
    P
    		Security update for xorg-x11-server (Important)
    2021-12-21
    oval:org.opensuse.security:def:9631
    P
    		Security update for fetchmail (Moderate)
    2021-12-14
    oval:org.opensuse.security:def:9427
    P
    		Security update for openssh (Important)
    2021-12-03
    oval:org.opensuse.security:def:9612
    P
    		Security update for MozillaFirefox (Important)
    2021-11-10
    oval:org.opensuse.security:def:10665
    P
    		Security update for transfig (Important)
    2021-10-29
    oval:org.opensuse.security:def:9408
    P
    		Security update for glibc (Moderate)
    2021-10-12
    oval:org.opensuse.security:def:9597
    P
    		Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:9795
    P
    		Security update for curl (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:105937
    P
    		id3lib-3.8.3-266.5 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:9401
    P
    		Security update for ffmpeg (Important)
    2021-09-23
    oval:org.opensuse.security:def:10339
    P
    		Security update for openssl-1_1 (Low)
    2021-09-07
    oval:org.opensuse.security:def:9393
    P
    		Security update for xerces-c (Important)
    2021-09-02
    oval:org.opensuse.security:def:9782
    P
    		Security update for dovecot23 (Moderate)
    2021-08-31
    oval:org.opensuse.security:def:9578
    P
    		Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate)
    2021-08-23
    oval:org.opensuse.security:def:9569
    P
    		Security update for nodejs8 (Important)
    2021-08-20
    oval:org.opensuse.security:def:9773
    P
    		Security update for djvulibre (Important)
    2021-08-20
    oval:org.opensuse.security:def:10121
    P
    		Security update for qemu (Important)
    2021-07-23
    oval:org.opensuse.security:def:10687
    P
    		Security update for transfig (Moderate)
    2021-07-22
    oval:org.opensuse.security:def:10293
    P
    		Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:9736
    P
    		Security update for salt (Critical)
    2021-06-21
    oval:org.opensuse.security:def:10102
    P
    		Security update for java-1_8_0-openjdk (Moderate)
    2021-06-17
    oval:org.opensuse.security:def:9731
    P
    		Security update for java-1_8_0-openjdk (Moderate)
    2021-06-17
    oval:org.opensuse.security:def:10285
    P
    		Security update for python-rsa (Important)
    2021-06-17
    oval:org.opensuse.security:def:9350
    P
    		Security update for caribou (Important)
    2021-06-17
    oval:org.opensuse.security:def:9346
    P
    		Security update for containerd, docker, runc (Important)
    2021-06-11
    oval:org.opensuse.security:def:9527
    P
    		Security update for spice-gtk (Moderate)
    2021-06-10
    oval:org.opensuse.security:def:15763
    P
    		id3lib-3.8.3-261.135 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:15967
    P
    		id3lib-3.8.3-261.119 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:10271
    P
    		Security update for pam_radius (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:10272
    P
    		Security update for libX11 (Important)
    2021-06-08
    oval:org.opensuse.security:def:16200
    P
    		id3lib-3.8.3-261.119 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:124464
    P
    		id3lib-3.8.3-261.119 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:15586
    P
    		id3lib-3.8.3-261.135 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16458
    P
    		id3lib-3.8.3-261.119 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:10087
    P
    		Security update for polkit (Important)
    2021-06-03
    oval:org.opensuse.security:def:9714
    P
    		Security update for dhcp (Important)
    2021-06-02
    oval:org.opensuse.security:def:10263
    P
    		Security update for ceph (Important)
    2021-06-02
    oval:org.opensuse.security:def:11222
    P
    		Security update for mpv (Important)
    2021-05-27
    oval:org.opensuse.security:def:9504
    P
    		Security update for java-11-openjdk (Important)
    2021-05-11
    oval:org.opensuse.security:def:9502
    P
    		Security update for samba (Important)
    2021-05-04
    oval:org.opensuse.security:def:10074
    P
    		Security update for python-Pygments (Important)
    2021-05-04
    oval:org.opensuse.security:def:10251
    P
    		Security update for sca-patterns-sle11 (Important)
    2021-05-04
    oval:org.opensuse.security:def:9300
    P
    		Security update for MozillaFirefox (Important)
    2021-04-01
    oval:org.opensuse.security:def:9482
    P
    		Security update for MozillaFirefox (Important)
    2021-04-01
    oval:org.opensuse.security:def:10229
    P
    		Security update for tomcat (Important)
    2021-03-30
    oval:org.opensuse.security:def:10420
    P
    		Security update for gnutls (Important)
    2021-03-24
    oval:org.opensuse.security:def:9474
    P
    		Security update for libass (Important)
    2021-03-24
    oval:org.opensuse.security:def:10221
    P
    		Security update for python (Moderate)
    2021-03-11
    oval:org.opensuse.security:def:9863
    P
    		Security update for git (Important)
    2021-03-09
    oval:org.opensuse.security:def:9101
    P
    		Security update for python-cryptography (Important)
    2021-03-03
    oval:org.opensuse.security:def:10401
    P
    		Security update for java-1_8_0-openjdk (Moderate)
    2021-03-01
    oval:org.opensuse.security:def:9093
    P
    		Security update for python-Jinja2 (Important)
    2021-02-26
    oval:org.opensuse.security:def:9844
    P
    		Security update for webkit2gtk3 (Important)
    2021-02-24
    oval:org.opensuse.security:def:9414
    P
    		Security update for python (Important)
    2021-02-09
    oval:org.opensuse.security:def:9591
    P
    		Security update for openvswitch (Important)
    2021-02-03
    oval:org.opensuse.security:def:9550
    P
    		Security update for nodejs8 (Moderate)
    2021-01-26
    oval:org.opensuse.security:def:9325
    P
    		Security update for dnsmasq (Important)
    2021-01-19
    oval:org.opensuse.security:def:9706
    P
    		Security update for tcmu-runner (Important)
    2021-01-18
    oval:org.opensuse.security:def:9392
    P
    		Security update for dovecot23 (Important)
    2021-01-05
    oval:org.opensuse.security:def:9278
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-17
    oval:org.opensuse.security:def:10584
    P
    		Security update for MozillaThunderbird (Important)
    2020-12-07
    oval:org.opensuse.security:def:10027
    P
    		Security update for xen (Important)
    2020-12-04
    oval:org.opensuse.security:def:16758
    P
    		id3lib-3.8.3-261.119 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:3922
    P
    		id3lib-3.8.3-261.119 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:9270
    P
    		Security update for java-1_8_0-openjdk (Important)
    2020-12-02
    oval:org.opensuse.security:def:9994
    P
    		strongswan on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10923
    P
    		gegl-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10520
    P
    		libmspack-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10455
    P
    		id3lib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9216
    P
    		perl-Archive-Zip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10005
    P
    		tomcat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9972
    P
    		python on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10014
    P
    		wireshark on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10495
    P
    		libfbembed-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10562
    P
    		libwmf-0_2-7 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9169
    P
    		libusbmuxd4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9963
    P
    		perl-Config-IniFiles on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9964
    P
    		perl-HTML-Parser on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9250
    P
    		ruby on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10040
    P
    		bash-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10945
    P
    		id3lib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9938
    P
    		libxerces-c-3_1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10052
    P
    		dovecot22-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9231
    P
    		python-PyYAML on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10571
    P
    		mozilla-nspr-devel on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:19953
    P
    		DSA-1365-1 id3lib3.8.3
    2014-06-23
    oval:org.mitre.oval:def:20106
    P
    		DSA-1365-3 id3lib3.8.3 - denial of service
    2014-06-23
    oval:org.mitre.oval:def:20499
    P
    		DSA-1365-2 id3lib3.8.3 - denial of service
    2014-06-23
    oval:org.debian:def:1365
    V
    		programming error
    2007-10-02
    BACK
    id3lib id3lib 3.8.3