{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-11-15T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-2023"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=356471"}, {"name": "43228", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/43228"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:17:27.992Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-2023"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=356471"}, {"name": "43228", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/43228"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4998", "datePublished": "2008-01-31T20:00:00", "dateReserved": "2007-09-20T00:00:00", "dateUpdated": "2024-08-07T15:17:27.992Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination."}, {"lang": "es", "value": "El comando cp, cuando se ejecuta con una opci\u00f3n para preservar enlaces simb\u00f3licos en m\u00faltiples sistemas operativos, permite a atacantes locales ayudados por usuarios sobrescribir archivos de su elecci\u00f3n a trav\u00e9s de un ataque de enlaces simb\u00f3licos utilizando directorios manipulados que contienen m\u00faltiples archivos fuente que se copian al mismo destino"}], "id": "CVE-2007-4998", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-01-31T21:00:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/43228"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=356471"}, {"source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/43228"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=356471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2023"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "This issue affects the busybox package in Red Hat Enterprise Linux 2.1, 3, 4, and 5,\n\nThis issue affects the fileutils package in Red Hat Enterprise Linux 2.1.\n\nThis issue affects the coreutils package in Red Hat Enterprise Linux 3.\n\nThe coreutils package in Red Hat Enterprise Linux 4 and 5 are not vulnerable to this issue.\n\nGiven this issue has minimal risk we do not intend to issues updates to correct this issue in affected versions of Red Hat Enterprise Linux.\n\nFor more information please see:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=356471", "lastModified": "2008-02-12T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "cp symlink overwrite", "id": "356471", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=356471"}, "csaw": false, "details": ["cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination."], "name": "CVE-2007-4998", "public_date": "2008-01-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-4998\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-4998"], "statement": "This issue affects the busybox package in Red Hat Enterprise Linux 2.1, 3, 4, and 5,\nThis issue affects the fileutils package in Red Hat Enterprise Linux 2.1.\nThis issue affects the coreutils package in Red Hat Enterprise Linux 3.\nThe coreutils package in Red Hat Enterprise Linux 4 and 5 are not vulnerable to this issue.\nGiven this issue has minimal risk we do not intend to issues updates to correct this issue in affected versions of Red Hat Enterprise Linux.\nFor more information please see:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=356471", "threat_severity": "Low"}