- Vulnerability/
- RHSA-2007:0631
RHSA-2007:0631: Low: coolkey security and bug fix update
First published: Wed Nov 07 2007(Updated: )
coolkey contains the driver support for the CoolKey and Common Access Card<br>(CAC) Smart Card products. The CAC is used by the U.S. Government.<br>Steve Grubb discovered a flaw in the way coolkey created a temporary<br>directory. A local attacker could perform a symlink attack and cause<br>arbitrary files to be overwritten. (CVE-2007-4129)<br>In addition, the updated packages contain fixes for the following bugs in<br>the CAC Smart Card support:<br><li> CAC Smart Cards can have from 1 to 3 certificates. The coolkey driver,</li> however, was not recognizing cards if they had less than 3 certificates.<br><li> logging into a CAC Smart Card token with a new application would cause</li> other, already authenticated, applications to lose their login status<br>unless the Smart Card was then removed from the reader and re-inserted.<br>All CAC users should upgrade to these updated packages, which resolve these<br>issues.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/coolkey | <1.1.0-5.el5 | 1.1.0-5.el5 |
| redhat/coolkey | <1.1.0-5.el5 | 1.1.0-5.el5 |
| redhat/coolkey-devel | <1.1.0-5.el5 | 1.1.0-5.el5 |
| redhat/coolkey-devel | <1.1.0-5.el5 | 1.1.0-5.el5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2007:0631
- agent/software-canonical-lookup
- package-manager/redhat