Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4631

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2007-4631
Last Modified 13 Jul 2011 12:00:00
Published 31 Aug 2007 06:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4631

Summary

The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.

Vulnerable Systems

Application

  • Qgit 1.5.6 2pre1


References

BID - 25618

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=538002&group_id=139897

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=538002

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=190697

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=268381

XF - qgit-dataloader-symlink(36503)

VUPEN - ADV-2007-3107

GENTOO - GLSA-200710-05

SECUNIA - 27098

SECUNIA - 26745

SECUNIA - 26738

FEDORA - FEDORA-2007-2108


Last Updated: 27 May 2016 10:45:54