CVE-2007-4460 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-4460
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4460

Description: The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.

CVE Status: Candidate

References: SUSE http://www.novell.com/linux/security/advisories/2007_19_sr.html ST 1018667 SAID Secunia Advisory: SA26536 Secunia Advisory: SA26646 Secunia Advisory: SA26793 Secunia Advisory: SA26818 Secunia Advisory: SA26987 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:180 GENTOO http://security.gentoo.org/glsa/glsa-200709-08.xml DEBIAN http://www.debian.org/security/2007/dsa-1365 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438540 BID 25372

Return to the previous page.