CVE-2009-3304

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-3304
GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php.

3.3 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.debian.org/security/2009/dsa-1945 Patch
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch13.diff.gz Patch
http://www.securityfocus.com/bid/37195 Patch
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gforge:gforge:4.5.14:*:*:*:*:*:*:*
cpe:2.3:a:gforge:gforge:4.8.2:*:*:*:*:*:*:*
cpe:2.3:a:gforge:gforge:4.7:rc2:*:*:*:*:*:*
Information

Published : 2009-12-04 11:30

Updated : 2009-12-06 21:00

NVD link : CVE-2009-3304

Mitre link : CVE-2009-3304

JSON object : View

CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

Advertisement

dedicated server usa
Products Affected

gforge

  • gforge