CVE-2007-5200 - Vulnerability Details - OpenCVE

hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opensuse	Opensuse

Configuration 1 [-]

OR	cpe:2.3:o:opensuse:opensuse:10.2:::::::*
	cpe:2.3:o:opensuse:opensuse:10.3:::::::*

No data.

References

Link	Providers
http://osvdb.org/42224
http://secunia.com/advisories/27229
http://secunia.com/advisories/27623
http://secunia.com/advisories/27653
http://secunia.com/advisories/27952
http://security.gentoo.org/glsa/glsa-200712-01.xml
http://www.novell.com/linux/security/advisories/2007_20_sr.html
http://www.securityfocus.com/bid/26730
https://bugzilla.redhat.com/show_bug.cgi?id=332401
https://bugzilla.redhat.com/show_bug.cgi?id=362851
https://nvd.nist.gov/vuln/detail/CVE-2007-5200
https://www.cve.org/CVERecord?id=CVE-2007-5200
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-14T18:00:00

Updated: 2024-08-07T15:24:42.190Z

Reserved: 2007-10-04T00:00:00

Link: CVE-2007-5200

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-10-14T18:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5200

Redhat

Severity : Moderate

Publid Date: 2007-10-14T00:00:00Z

Links: CVE-2007-5200 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-12T00:00:00", "descriptions": [{"lang": "en", "value": "hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27623", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27623"}, {"name": "GLSA-200712-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200712-01.xml"}, {"name": "FEDORA-2007-2989", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362851"}, {"name": "27952", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27952"}, {"name": "27653", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27653"}, {"name": "27229", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27229"}, {"name": "26730", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26730"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=332401"}, {"name": "SUSE-SR:2007:020", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"}, {"name": "42224", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/42224"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5200", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27623"}, {"name": "GLSA-200712-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200712-01.xml"}, {"name": "FEDORA-2007-2989", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=362851", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362851"}, {"name": "27952", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27952"}, {"name": "27653", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27653"}, {"name": "27229", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27229"}, {"name": "26730", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26730"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=332401", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=332401"}, {"name": "SUSE-SR:2007:020", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"}, {"name": "42224", "refsource": "OSVDB", "url": "http://osvdb.org/42224"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:24:42.190Z"}, "title": "CVE Program Container", "references": [{"name": "27623", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27623"}, {"name": "GLSA-200712-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200712-01.xml"}, {"name": "FEDORA-2007-2989", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362851"}, {"name": "27952", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27952"}, {"name": "27653", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27653"}, {"name": "27229", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27229"}, {"name": "26730", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26730"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=332401"}, {"name": "SUSE-SR:2007:020", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"}, {"name": "42224", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/42224"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5200", "datePublished": "2007-10-14T18:00:00", "dateReserved": "2007-10-04T00:00:00", "dateUpdated": "2024-08-07T15:24:42.190Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "24818450-FDA1-429A-AC17-68F44F584217", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file."}, {"lang": "es", "value": "hugin, tal como se utiliza en varios sistemas operativos, incluyendo SUSE openSUSE versi\u00f3n 10.2 y versi\u00f3n 10.3, permite a los usuarios locales sobrescribir archivos arbitrarios mediante un ataque de symlink en el archivo temporal hugin_debug_optim_results.txt."}], "id": "CVE-2007-5200", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-14T18:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/42224"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27229"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27623"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27653"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27952"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200712-01.xml"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26730"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=332401"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362851"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27623"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27653"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200712-01.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=332401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362851"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00199.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}