Bug 356471 (CVE-2007-4998)
Summary: | CVE-2007-4998 cp symlink overwrite |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Status: | CLOSED WONTFIX |
Severity: | low |
Priority: | low |
Version: | unspecified |
Hardware: | All |
OS: | Linux |
Reporter: | Mark J. Cox <mjc> |
Assignee: | Red Hat Product Security <security-response-team> |
CC: | meyering, ovasik, security-response-team, twaugh, varekova |
Keywords: | Security |
Doc Type: | Bug Fix |
Last Closed: | 2010-12-22 22:32:32 UTC |
Description
Mark J. Cox
2007-10-29 14:16:02 UTC
Given the age of this flaw, along with the low severity, I am opening this bug up to the public.

Summary of affected versions of cp shipped in fileutils, coreutils and busybox packages in Red Hat Enterprise Linux and Fedora:

- fileutils (RHEL2.1 only) - is affected by this problem, but this issue can only be used to overwrite existing files, not to create new files
- coreutils
  - RHEL3 - similar to cp version shipped in fileutils package in RHEL2.1, can only be used to overwrite existing files; additionally, warning is printed when file is overwritten
  - RHEL4, RHEL5, Fedora - not affected
- busybox
  - RHEL2.1, RHEL3 - affected, cp can be tricked to overwrite existing files or create new files
  - RHEL4, RHEL5, F7 - affected, only overwrite of already existing file is possible
  - F8 - not affected

Due to the very low severity of this flaw, and the fact that fixing it changes how cp works, we don't plan to fix the affected versions. This flaw is fixed in all packages that ship a cp utility from Fedora 8 onward.