| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Tug TeXLive 2007 1.08 and classified as problematic. This affects an unknown function of the file feynmf.pl. Executing a manipulation of the argument feynmf$$.pl can lead to link following. This vulnerability is tracked as CVE-2007-5940. No exploit exists. It is suggested to upgrade the affected component.
Details
A vulnerability was found in Tug TeXLive 2007 1.08. It has been declared as problematic. This vulnerability affects an unknown code of the file feynmf.pl. The manipulation of the argument feynmf$$.pl with an unknown input leads to a link following vulnerability. The CWE definition for the vulnerability is CWE-59. The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
The bug was discovered 11/06/2007. The weakness was disclosed 11/06/2007 (Website). The advisory is shared for download at vupen.com. This vulnerability was named CVE-2007-5940 since 11/13/2007. The exploitation appears to be easy. The attack needs to be approached locally. No form of authentication is required for a successful exploitation. There are known technical details, but no exploit is available.
It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 28321 (GLSA-200711-32 : Feynmf: Insecure temporary file creation), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Gentoo Local Security Checks and running in the context l.
Upgrading eliminates this vulnerability. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (38512), Tenable (28321), SecurityFocus (BID 26507†), OSVDB (42397†) and Secunia (SA27737†). Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.9
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Link followingCWE: CWE-59
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 28321
Nessus Name: GLSA-200711-32 : Feynmf: Insecure temporary file creation
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 59252
OpenVAS Name: Gentoo Security Advisory GLSA 200711-32 (feynmf)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
11/06/2007 🔍11/06/2007 🔍
11/06/2007 🔍
11/13/2007 🔍
11/13/2007 🔍
11/20/2007 🔍
11/20/2007 🔍
11/21/2007 🔍
11/26/2007 🔍
11/26/2007 🔍
12/03/2007 🔍
03/16/2015 🔍
08/01/2019 🔍
Sources
Advisory: vupen.com⛔Status: Not defined
Confirmation: 🔍
CVE: CVE-2007-5940 (🔍)
GCVE (CVE): GCVE-0-2007-5940
GCVE (VulDB): GCVE-100-39652
X-Force: 38512
SecurityFocus: 26507 - feynmf feynmf.pl Insecure Temporary File Creation Vulnerability
Secunia: 27737 - feynmf Insecure Temporary File Creation, Less Critical
OSVDB: 42397 - feynmf feynmf.pl feynmf$$.pl Symlink Arbitrary File Overwrite
Vulnerability Center: 16970 - Feynmf.pl in TexLive 2007 Allows Local Users to Overwrite Files and Execute Arbitrary Code, Medium
Vupen: ADV-2007-3974
Entry
Created: 03/16/2015 13:43Updated: 08/01/2019 06:46
Changes: 03/16/2015 13:43 (82), 08/01/2019 06:46 (3)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.