Vulnerability CVE-2007-4460

Vulnerability Name:

CVE-2007-4460 (CCN-36371)

Assigned:

2007-08-17

Published:

2007-08-17

Updated:

2008-09-05

Summary:

The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.2 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
2.3 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

File Manipulation

References:

Source: CCN
Type: Debian Bug report logs - #438540
libid3-3.8.3c2a: creates insecure temporary files

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438540

Source: MITRE
Type: CNA
CVE-2007-4460

Source: CCN
Type: Fedora Project Web site
Fedora Project

Source: CCN
Type: id3lib Web site
id3lib - The ID3v1/ID3v2 Tagging Library

Source: CCN
Type: SA26536
id3lib Insecure Temporary File Privilege Escalation

Source: SECUNIA
Type: Vendor Advisory
26536

Source: SECUNIA
Type: UNKNOWN
26646

Source: SECUNIA
Type: UNKNOWN
26793

Source: SECUNIA
Type: UNKNOWN
26818

Source: SECUNIA
Type: UNKNOWN
26987

Source: GENTOO
Type: UNKNOWN
GLSA-200709-08

Source: CCN
Type: SECTRACK ID: 1018667
id3lib Symlink Bug May Let Local Users Gain Elevated Privileges

Source: DEBIAN
Type: UNKNOWN
DSA-1365

Source: DEBIAN
Type: DSA-1365
id3lib3.8.3 -- programming error

Source: CCN
Type: GLSA-200709-08
id3lib: Insecure temporary file creation

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:180

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:019

Source: CCN
Type: OSVDB ID: 39631
id3lib (aka libid3) tag_file.cpp RenderV2ToFile Function Symlink Arbitrary File Overwrite

Source: BID
Type: Exploit
25372

Source: CCN
Type: BID-25372
id3lib Insecure Temporary File Creation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018667

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253553

Source: CCN
Type: Red Hat Bugzilla Bug 253553
CVE-2007-4460 id3lib doesn't use mkstemp() to create a name of a temporary file

Source: XF
Type: UNKNOWN
id3lib-renderv2tofile-symlink(36371)

Source: SUSE
Type: SUSE-SR:2007:019
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:id3lib:id3lib:3.8.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20074460	V	CVE-2007-4460	2022-09-02
oval:org.opensuse.security:def:112431	P	id3lib-3.8.3-266.5 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:11244	P	Security update for prosody (Important)	2022-01-14
oval:org.opensuse.security:def:10196	P	Security update for net-snmp (Important)	2021-12-27
oval:org.opensuse.security:def:9829	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:10433	P	Security update for go1.16 (Moderate)	2021-12-23
oval:org.opensuse.security:def:10386	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:9123	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:9631	P	Security update for fetchmail (Moderate)	2021-12-14
oval:org.opensuse.security:def:9427	P	Security update for openssh (Important)	2021-12-03
oval:org.opensuse.security:def:9612	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:org.opensuse.security:def:10665	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:9408	P	Security update for glibc (Moderate)	2021-10-12
oval:org.opensuse.security:def:9597	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:9795	P	Security update for curl (Moderate)	2021-10-06
oval:org.opensuse.security:def:105937	P	id3lib-3.8.3-266.5 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:9401	P	Security update for ffmpeg (Important)	2021-09-23
oval:org.opensuse.security:def:10339	P	Security update for openssl-1_1 (Low)	2021-09-07
oval:org.opensuse.security:def:9393	P	Security update for xerces-c (Important)	2021-09-02
oval:org.opensuse.security:def:9782	P	Security update for dovecot23 (Moderate)	2021-08-31
oval:org.opensuse.security:def:9578	P	Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate)	2021-08-23
oval:org.opensuse.security:def:9569	P	Security update for nodejs8 (Important)	2021-08-20
oval:org.opensuse.security:def:9773	P	Security update for djvulibre (Important)	2021-08-20
oval:org.opensuse.security:def:10121	P	Security update for qemu (Important)	2021-07-23
oval:org.opensuse.security:def:10687	P	Security update for transfig (Moderate)	2021-07-22
oval:org.opensuse.security:def:10293	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:9736	P	Security update for salt (Critical)	2021-06-21
oval:org.opensuse.security:def:10102	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-17
oval:org.opensuse.security:def:9731	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-17
oval:org.opensuse.security:def:10285	P	Security update for python-rsa (Important)	2021-06-17
oval:org.opensuse.security:def:9350	P	Security update for caribou (Important)	2021-06-17
oval:org.opensuse.security:def:9346	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:9527	P	Security update for spice-gtk (Moderate)	2021-06-10
oval:org.opensuse.security:def:15763	P	id3lib-3.8.3-261.135 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15967	P	id3lib-3.8.3-261.119 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10271	P	Security update for pam_radius (Moderate)	2021-06-08
oval:org.opensuse.security:def:10272	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:16200	P	id3lib-3.8.3-261.119 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124464	P	id3lib-3.8.3-261.119 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15586	P	id3lib-3.8.3-261.135 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16458	P	id3lib-3.8.3-261.119 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10087	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:9714	P	Security update for dhcp (Important)	2021-06-02
oval:org.opensuse.security:def:10263	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:11222	P	Security update for mpv (Important)	2021-05-27
oval:org.opensuse.security:def:9504	P	Security update for java-11-openjdk (Important)	2021-05-11
oval:org.opensuse.security:def:9502	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:10074	P	Security update for python-Pygments (Important)	2021-05-04
oval:org.opensuse.security:def:10251	P	Security update for sca-patterns-sle11 (Important)	2021-05-04
oval:org.opensuse.security:def:9300	P	Security update for MozillaFirefox (Important)	2021-04-01
oval:org.opensuse.security:def:9482	P	Security update for MozillaFirefox (Important)	2021-04-01
oval:org.opensuse.security:def:10229	P	Security update for tomcat (Important)	2021-03-30
oval:org.opensuse.security:def:10420	P	Security update for gnutls (Important)	2021-03-24
oval:org.opensuse.security:def:9474	P	Security update for libass (Important)	2021-03-24
oval:org.opensuse.security:def:10221	P	Security update for python (Moderate)	2021-03-11
oval:org.opensuse.security:def:9863	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:9101	P	Security update for python-cryptography (Important)	2021-03-03
oval:org.opensuse.security:def:10401	P	Security update for java-1_8_0-openjdk (Moderate)	2021-03-01
oval:org.opensuse.security:def:9093	P	Security update for python-Jinja2 (Important)	2021-02-26
oval:org.opensuse.security:def:9844	P	Security update for webkit2gtk3 (Important)	2021-02-24
oval:org.opensuse.security:def:9414	P	Security update for python (Important)	2021-02-09
oval:org.opensuse.security:def:9591	P	Security update for openvswitch (Important)	2021-02-03
oval:org.opensuse.security:def:9550	P	Security update for nodejs8 (Moderate)	2021-01-26
oval:org.opensuse.security:def:9325	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:9706	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:9392	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:9278	P	Security update for webkit2gtk3 (Important)	2020-12-17
oval:org.opensuse.security:def:10584	P	Security update for MozillaThunderbird (Important)	2020-12-07
oval:org.opensuse.security:def:10027	P	Security update for xen (Important)	2020-12-04
oval:org.opensuse.security:def:16758	P	id3lib-3.8.3-261.119 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3922	P	id3lib-3.8.3-261.119 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:9270	P	Security update for java-1_8_0-openjdk (Important)	2020-12-02
oval:org.opensuse.security:def:9994	P	strongswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10923	P	gegl-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10520	P	libmspack-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10455	P	id3lib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9216	P	perl-Archive-Zip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10005	P	tomcat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9972	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10014	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10495	P	libfbembed-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10562	P	libwmf-0_2-7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9169	P	libusbmuxd4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9963	P	perl-Config-IniFiles on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9964	P	perl-HTML-Parser on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9250	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10040	P	bash-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10945	P	id3lib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9938	P	libxerces-c-3_1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10052	P	dovecot22-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9231	P	python-PyYAML on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10571	P	mozilla-nspr-devel on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:19953	P	DSA-1365-1 id3lib3.8.3	2014-06-23
oval:org.mitre.oval:def:20106	P	DSA-1365-3 id3lib3.8.3 - denial of service	2014-06-23
oval:org.mitre.oval:def:20499	P	DSA-1365-2 id3lib3.8.3 - denial of service	2014-06-23
oval:org.debian:def:1365	V	programming error	2007-10-02

BACK