Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-1057

The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.

Published

2007-02-21T23:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	nortel	alteon_2424_application_switch	23.2	No
Hardware	nortel	ssl_vpn_module_1000	*	No
Hardware	nortel	vpn_gateway_3070	*	No
Application	nortel	net_direct_client	≤ 6.0.4	Yes

References

http://osvdb.org/33304 ([email protected])
http://secunia.com/advisories/24231 Vendor Advisory ([email protected])
http://spoofed.org/blog/archive/2007/02/nortel_vpn_unix_client_local_root_compromise.html ([email protected])
http://www.securityfocus.com/bid/22632 ([email protected])
http://www.securitytracker.com/id?1017678 ([email protected])
http://www.vupen.com/english/advisories/2007/0671 ([email protected])
http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021886-01.pdf ([email protected])
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540071 Patch ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/32597 ([email protected])
https://www.exploit-db.com/exploits/3356 ([email protected])
http://osvdb.org/33304 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24231 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://spoofed.org/blog/archive/2007/02/nortel_vpn_unix_client_local_root_compromise.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/22632 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1017678 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0671 (af854a3a-2127-422b-91ae-364da2661108)
http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021886-01.pdf (af854a3a-2127-422b-91ae-364da2661108)
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540071 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32597 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/3356 (af854a3a-2127-422b-91ae-364da2661108)