CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-0476

The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.7%

CVSS Severity

CVSS v2 Score 4.6

References

http://osvdb.org/31617
http://secunia.com/advisories/23881
http://security.gentoo.org/glsa/glsa-200701-19.xml
http://www.securityfocus.com/bid/22195
http://www.vupen.com/english/advisories/2007/0305
http://osvdb.org/31617
http://secunia.com/advisories/23881
http://security.gentoo.org/glsa/glsa-200701-19.xml
http://www.securityfocus.com/bid/22195
http://www.vupen.com/english/advisories/2007/0305

Products affected by CVE-2007-0476

Gentoo » Linux » Version: 2.1.30

cpe:2.3:o:gentoo:linux:2.1.30
Gentoo » Linux » Version: 2.2.28

cpe:2.3:o:gentoo:linux:2.2.28
Gentoo » Linux » Version: 2.3.30

cpe:2.3:o:gentoo:linux:2.3.30

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-0476

Products

Pricing

Contact Us