What is the severity of RHSA-2007:0631?

The severity of RHSA-2007:0631 is classified as moderate due to the potential for local attackers to exploit the symlink vulnerability.

How do I fix RHSA-2007:0631?

To fix RHSA-2007:0631, you should upgrade coolkey and coolkey-devel to version 1.1.0-5.el5 or later.

What are the affected software versions for RHSA-2007:0631?

The affected software for RHSA-2007:0631 includes coolkey and coolkey-devel versions below 1.1.0-5.el5.

What vulnerability does RHSA-2007:0631 address?

RHSA-2007:0631 addresses a local symlink attack vulnerability in the coolkey temporary directory creation process.

Who discovered the vulnerability in RHSA-2007:0631?

The vulnerability in RHSA-2007:0631 was discovered by Steve Grubb.

Vulnerability/
RHSA-2007:0631

7/11/2007

RHSA-2007:0631: Low: coolkey security and bug fix update

First published: Wed Nov 07 2007(Updated: )

coolkey contains the driver support for the CoolKey and Common Access Card (CAC) Smart Card products. The CAC is used by the U.S. Government. Steve Grubb discovered a flaw in the way coolkey created a temporary directory. A local attacker could perform a symlink attack and cause arbitrary files to be overwritten. (CVE-2007-4129) In addition, the updated packages contain fixes for the following bugs in the CAC Smart Card support: <li> CAC Smart Cards can have from 1 to 3 certificates. The coolkey driver,</li> however, was not recognizing cards if they had less than 3 certificates. <li> logging into a CAC Smart Card token with a new application would cause</li> other, already authenticated, applications to lose their login status unless the Smart Card was then removed from the reader and re-inserted. All CAC users should upgrade to these updated packages, which resolve these issues.

Affected Software	Affected Version	How to fix
redhat/coolkey	<1.1.0-5.el5	1.1.0-5.el5
redhat/coolkey	<1.1.0-5.el5	1.1.0-5.el5
redhat/coolkey-devel	<1.1.0-5.el5	1.1.0-5.el5
redhat/coolkey-devel	<1.1.0-5.el5	1.1.0-5.el5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2007:0631?
The severity of RHSA-2007:0631 is classified as moderate due to the potential for local attackers to exploit the symlink vulnerability.
How do I fix RHSA-2007:0631?
To fix RHSA-2007:0631, you should upgrade coolkey and coolkey-devel to version 1.1.0-5.el5 or later.
What are the affected software versions for RHSA-2007:0631?
The affected software for RHSA-2007:0631 includes coolkey and coolkey-devel versions below 1.1.0-5.el5.
What vulnerability does RHSA-2007:0631 address?
RHSA-2007:0631 addresses a local symlink attack vulnerability in the coolkey temporary directory creation process.
Who discovered the vulnerability in RHSA-2007:0631?
The vulnerability in RHSA-2007:0631 was discovered by Steve Grubb.

agent/type
agent/severity
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/references
agent/title
agent/remedy
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2007:0631
agent/software-canonical-lookup
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.