CVE-2012-0878
Date: (C)2012-05-01   (M)2023-12-22


Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-48812
SECUNIA-50410
RHSA-2012:1206
http://www.openwall.com/lists/oss-security/2012/02/23/1
http://www.openwall.com/lists/oss-security/2012/02/23/4
http://groups.google.com/group/paste-users/browse_thread/thread/2aa651ba331c2471
https://bitbucket.org/ianb/pastescript/changeset/a19e462769b4
https://bitbucket.org/ianb/pastescript/pull-request/3/fix-group-permissions-for-pastescriptserve
https://bugzilla.redhat.com/show_bug.cgi?id=796790

CWE    1
CWE-264
OVAL    6
oval:org.secpod.oval:def:103618
oval:org.secpod.oval:def:103639
oval:org.secpod.oval:def:103643
oval:org.secpod.oval:def:500875
...

© SecPod Technologies