CVE-2007-1057

Name of the Vulnerable Software and Affected Versions: Nortel Application Switch 2424 Net Direct client versions prior to 6.0.5 Nortel VPN 3050 Net Direct client versions prior to 6.0.5 Nortel VPN 3070 Net Direct client versions prior to 6.0.5 Nortel SSL VPN Module 1000 Net Direct client versions prior to 6.0.5

Description: The issue allows local users to exploit a race condition, enabling them to replace a world-writable file in /tmp/NetClient. This can cause another user to execute arbitrary code when attempting to execute the client, as demonstrated by replacing /tmp/NetClient/client.

Recommendations: For Nortel Application Switch 2424 Net Direct client versions prior to 6.0.5, update to version 6.0.5 or later. For Nortel VPN 3050 Net Direct client versions prior to 6.0.5, update to version 6.0.5 or later. For Nortel VPN 3070 Net Direct client versions prior to 6.0.5, update to version 6.0.5 or later. For Nortel SSL VPN Module 1000 Net Direct client versions prior to 6.0.5, update to version 6.0.5 or later.