PT-2007-7030 · Unknown · Scanbuttond

Published

2007-11-26

Updated

2011-03-08

CVE-2007-6131

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions scanbuttond version 0.2.3

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files created by buttonpressed.sh in scanbuttond.

Recommendations For scanbuttond version 0.2.3, consider restricting access to the temporary files scan.pnm and scan.jpg to prevent a symlink attack until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-16

Related Identifiers

CVE-2007-6131

Affected Products

Scanbuttond

PT-2007-7030 · Unknown · Scanbuttond

CVE-2007-6131

Weakness Enumeration

Related Identifiers

Affected Products

References · 7