CVE-2007-4998

Description

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

How to fix CVE-2007-4998

To remediate CVE-2007-4998, upgrade the affected package to a fixed version below.

• Debian/coreutils—upgrade to 4.1.2 or later

Is CVE-2007-4998 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.1.2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-4998