CVE-2010-2945

Sažetak

The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.

Reference

http://secunia.com/advisories/41005
http://svn.berlios.de/viewvc/slim?view=revision&revision=171
http://www.openwall.com/lists/oss-security/2010/08/19/8
http://www.openwall.com/lists/oss-security/2010/08/20/10

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

31-08-2010 - 04:00

Objavljeno

30-08-2010 - 20:00