{
  "threat_severity" : "Low",
  "public_date" : "2008-01-22T00:00:00Z",
  "bugzilla" : {
    "description" : "cp symlink overwrite",
    "id" : "356471",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=356471"
  },
  "details" : [ "cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination." ],
  "statement" : "This issue affects the busybox package in Red Hat Enterprise Linux 2.1, 3, 4, and 5,\nThis issue affects the fileutils package in Red Hat Enterprise Linux 2.1.\nThis issue affects the coreutils package in Red Hat Enterprise Linux 3.\nThe coreutils package in Red Hat Enterprise Linux 4 and 5 are not vulnerable to this issue.\nGiven this issue has minimal risk we do not intend to issues updates to correct this issue in affected versions of Red Hat Enterprise Linux.\nFor more information please see:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=356471",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2007-4998\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-4998" ],
  "name" : "CVE-2007-4998",
  "csaw" : false
}