Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-0007

gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.

Related bugs and status

CVE-2007-0007 (Candidate) is related to these bugs:

Bug #86906: tmp file overwrites

Summary				In	Importance	Status
	86906	tmp file overwrites		gnucash (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
SECUNIA: 24225
MANDRIVA: MDKSA-2007:046
BID: 22610
SECUNIA: 24226
FEDORA: FEDORA-2007-256
SECUNIA: 24317
VUPEN: ADV-2007-0653
CONFIRM: http://sourceforge.net...
XF: gnucash-symlink(32558)