Vulnerabilities > CVE-2007-4460 - Unspecified vulnerability in Id3Lib 3.8.3
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_15EC9123706111DCB372001921AB2FA4.NASL description Debian Bug report log reports : When tagging file $foo, a temporary copy of the file is created, and for some reason, libid3 doesn last seen 2020-06-01 modified 2020-06-02 plugin id 26212 published 2007-10-03 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26212 title FreeBSD : id3lib -- insecure temporary file creation (15ec9123-7061-11dc-b372-001921ab2fa4) NASL family Fedora Local Security Checks NASL id FEDORA_2007-1774.NASL description This security update fixes a (minor) tempfile creation security issue (CVE-2007-4460) by using mkstemp (bugzilla 253553) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27732 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27732 title Fedora 7 : id3lib-3.8.3-17.fc7 (2007-1774) NASL family SuSE Local Security Checks NASL id SUSE_ID3LIB-4317.NASL description This update fixes a bug that allows local attackers to overwrite arbitrary files. (CVE-2007-4460) last seen 2020-06-01 modified 2020-06-02 plugin id 29462 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29462 title SuSE 10 Security Update : id3lib (ZYPP Patch Number 4317) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1365.NASL description Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 25965 published 2007-09-03 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25965 title Debian DSA-1365-3 : id3lib3.8.3 - programming error NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-180.NASL description A programming error was found in id3lib by Nikolaus Schulz that could lead to a denial of service through symlink attacks. Updated packages have been patched to prevent these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 26047 published 2007-09-14 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26047 title Mandrake Linux Security Advisory : id3lib (MDKSA-2007:180) NASL family SuSE Local Security Checks NASL id SUSE9_11786.NASL description This update fixes a bug that allows local attackers to overwrite arbitrary files. (CVE-2007-4460) last seen 2020-06-01 modified 2020-06-02 plugin id 41150 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41150 title SuSE9 Security Update : id3lib (YOU Patch Number 11786) NASL family SuSE Local Security Checks NASL id SUSE_ID3LIB-4316.NASL description This update fixes a bug that allows local attackers to overwrite arbitrary files. (CVE-2007-4460) last seen 2020-06-01 modified 2020-06-02 plugin id 27269 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27269 title openSUSE 10 Security Update : id3lib (id3lib-4316) NASL family Solaris Local Security Checks NASL id SOLARIS11_GNOME_20130924.NASL description The remote Solaris system is missing necessary patches to address security updates : - The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged. (CVE-2007-4460) - poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an last seen 2020-06-01 modified 2020-06-02 plugin id 80625 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80625 title Oracle Solaris Third-Party Patch Update : gnome (cve_2007_4460_symlink_attack) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200709-08.NASL description The remote host is affected by the vulnerability described in GLSA-200709-08 (id3lib: Insecure temporary file creation) Nikolaus Schulz discovered that the function RenderV2ToFile() in file src/tag_file.cpp creates temporary files in an insecure manner. Impact : A local attacker could exploit this vulnerability via a symlink attack to overwrite arbitrary files. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 26098 published 2007-09-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26098 title GLSA-200709-08 : id3lib: Insecure temporary file creation
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438540
- http://secunia.com/advisories/26536
- http://secunia.com/advisories/26646
- http://secunia.com/advisories/26793
- http://secunia.com/advisories/26818
- http://secunia.com/advisories/26987
- http://security.gentoo.org/glsa/glsa-200709-08.xml
- http://www.debian.org/security/2007/dsa-1365
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:180
- http://www.novell.com/linux/security/advisories/2007_19_sr.html
- http://www.securityfocus.com/bid/25372
- http://www.securitytracker.com/id?1018667
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253553