[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-0167Date: (C)2008-05-18   (M)2023-12-22


The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-29215
SECUNIA-30088
SECUNIA-30286
ADV-2008-1537
DSA-1577
gforge-unspecified-symlink(42456)
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz

CPE    1
cpe:/o:debian:debian_linux:4.0
CWE    1
CWE-59
OVAL    1
oval:org.mitre.oval:def:8030

© SecPod Technologies