CVE-2007-4998

Linux Kernel - Symlink Following

Title source: rule

Description

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

References (3)

[Issue Tracking] https://issues.rpath.com/browse/RPL-2023

[Third Party Advisory, VDB Entry] http://osvdb.org/43228

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=356471

Scores

EPSS 0.0009

EPSS Percentile 26.4%

Classification

CWE

CWE-59

Status draft

Affected Products (1)

linux/linux_kernel

Timeline

Published Jan 31, 2008

Tracked Since Feb 18, 2026