CVE-2007-2027 - Vulnerability Details - OpenCVE

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Elinks	Elinks
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:elinks:elinks:0.11.1:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
elinks-0:0.9.2-4.el4_8.1	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:1471	2009-10-01T00:00:00Z
Red Hat Enterprise Linux 5
elinks-0:0.11.1-6.el5_4.1	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1471	2009-10-01T00:00:00Z

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789
http://osvdb.org/35668
http://secunia.com/advisories/25169
http://secunia.com/advisories/25198
http://secunia.com/advisories/25255
http://secunia.com/advisories/25550
http://security.gentoo.org/glsa/glsa-200706-03.xml
http://www.securityfocus.com/bid/23844
http://www.trustix.org/errata/2007/0017/
http://www.ubuntu.com/usn/usn-457-1
http://www.vupen.com/english/advisories/2007/1686
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411
https://nvd.nist.gov/vuln/detail/CVE-2007-2027
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741
https://www.cve.org/CVERecord?id=CVE-2007-2027

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-13T18:00:00

Updated: 2024-08-07T13:23:50.463Z

Reserved: 2007-04-13T00:00:00

Link: CVE-2007-2027

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-13T18:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2027

Redhat

Severity : Low

Publid Date: 2007-04-04T00:00:00Z

Links: CVE-2007-2027 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-05T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25550", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25550"}, {"name": "2007-0017", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0017/"}, {"name": "USN-457-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-457-1"}, {"name": "25198", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25198"}, {"name": "ADV-2007-1686", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1686"}, {"name": "35668", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35668"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"}, {"name": "oval:org.mitre.oval:def:9741", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"}, {"name": "23844", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23844"}, {"name": "25169", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25169"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"}, {"name": "25255", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25255"}, {"name": "GLSA-200706-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2027", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25550", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25550"}, {"name": "2007-0017", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0017/"}, {"name": "USN-457-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-457-1"}, {"name": "25198", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25198"}, {"name": "ADV-2007-1686", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1686"}, {"name": "35668", "refsource": "OSVDB", "url": "http://osvdb.org/35668"}, {"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"}, {"name": "oval:org.mitre.oval:def:9741", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"}, {"name": "23844", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23844"}, {"name": "25169", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25169"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"}, {"name": "25255", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25255"}, {"name": "GLSA-200706-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:50.463Z"}, "title": "CVE Program Container", "references": [{"name": "25550", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25550"}, {"name": "2007-0017", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2007/0017/"}, {"name": "USN-457-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-457-1"}, {"name": "25198", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25198"}, {"name": "ADV-2007-1686", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1686"}, {"name": "35668", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35668"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"}, {"name": "oval:org.mitre.oval:def:9741", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"}, {"name": "23844", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23844"}, {"name": "25169", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25169"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"}, {"name": "25255", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25255"}, {"name": "GLSA-200706-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2027", "datePublished": "2007-04-13T18:00:00", "dateReserved": "2007-04-13T00:00:00", "dateUpdated": "2024-08-07T13:23:50.463Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elinks:elinks:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A59D584-A2D1-421B-BA8B-7EC4EC459B3F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks."}, {"lang": "es", "value": "Una vulnerabilidad de ruta (path) de b\u00fasqueda no confiable en la funci\u00f3n add_filename_to_string en el archivo intl/gettext/loadmsgcat.c para Elinks versi\u00f3n 0.11.1, permite a usuarios locales causar que Elinks use un cat\u00e1logo de mensajes gettext no confiable (archivo .po) en un directorio \"../po\", que puede ser aprovechado para conducir ataques de cadena de formato."}], "evaluatorImpact": "An untrusted message catalog might lead to a format-string attack when an\r\nattacker tricks user into launching links from a particular directory.\r\n", "id": "CVE-2007-2027", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-04-13T18:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35668"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25169"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25198"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25255"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25550"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23844"}, {"source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2007/0017/"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-457-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1686"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35668"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25198"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25550"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2007/0017/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-457-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1686"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "This issue affected Red Hat Enterprise Linux 4 and 5. Update packages were released to correct it via: http://rhn.redhat.com/errata/RHSA-2009-1471.html", "lastModified": "2009-10-02T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}