Vulnerability Description
The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nortel | Alteon 2424 Application Switch | 23.2 |
| Nortel | Ssl Vpn Module 1000 | All versions |
| Nortel | Vpn Gateway 3070 | All versions |
| Nortel | Net Direct Client | <= 6.0.4 |
References
- http://osvdb.org/33304
- http://secunia.com/advisories/24231Vendor Advisory
- http://spoofed.org/blog/archive/2007/02/nortel_vpn_unix_client_local_root_compro
- http://www.securityfocus.com/bid/22632
- http://www.securitytracker.com/id?1017678
- http://www.vupen.com/english/advisories/2007/0671
- http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021886-
- http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540071Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32597
- https://www.exploit-db.com/exploits/3356
- http://osvdb.org/33304
- http://secunia.com/advisories/24231Vendor Advisory
- http://spoofed.org/blog/archive/2007/02/nortel_vpn_unix_client_local_root_compro
- http://www.securityfocus.com/bid/22632
- http://www.securitytracker.com/id?1017678
FAQ
What is CVE-2007-1057?
CVE-2007-1057 is a vulnerability with a CVSS score of 6.9 (MEDIUM). The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local use...
How severe is CVE-2007-1057?
CVE-2007-1057 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1057?
Check the references section above for vendor advisories and patch information. Affected products include: Nortel Alteon 2424 Application Switch, Nortel Ssl Vpn Module 1000, Nortel Vpn Gateway 3070, Nortel Net Direct Client.