CVE-2008-0167

Sažetak

The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

Reference

http://secunia.com/advisories/30088
http://secunia.com/advisories/30286
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz
http://www.debian.org/security/2008/dsa-1577
http://www.securityfocus.com/bid/29215
http://www.vupen.com/english/advisories/2008/1537/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42456

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-08-2017 - 01:29

Objavljeno

18-05-2008 - 14:20