3.3

CVE-2007-5200

hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseOpensuse Version10.2
OpensuseOpensuse Version10.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.273
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 3.4 4.9
AV:L/AC:M/Au:N/C:N/I:P/A:P
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://secunia.com/advisories/27229
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_20_sr.html
http://osvdb.org/42224
http://secunia.com/advisories/27623
Vendor Advisory
http://secunia.com/advisories/27653
Vendor Advisory
http://secunia.com/advisories/27952
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200712-01.xml
http://www.securityfocus.com/bid/26730
https://bugzilla.redhat.com/show_bug.cgi?id=332401
https://bugzilla.redhat.com/show_bug.cgi?id=362851
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html