CVE-2012-3475

The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03	Patch
https://github.com/ushahidi/Ushahidi_Web/commit/7892559	Patch
http://openwall.com/lists/oss-security/2012/08/09/5

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ushahidi:ushahidi_platform::::::::
	cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:1.0:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.2:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.1:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.0:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:1.2:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.4:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:::::::*

Information

Published : 2012-08-12 14:55

Updated : 2012-08-12 21:00

NVD link : CVE-2012-3475

Mitre link : CVE-2012-3475

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ushahidi

ushahidi_platform

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03", "name": "https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "https://github.com/ushahidi/Ushahidi_Web/commit/7892559", "name": "https://github.com/ushahidi/Ushahidi_Web/commit/7892559", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2012/08/09/5", "name": "[oss-security] 20120809 Re: CVE request for Ushahidi", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-3475", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-08-12T21:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ushahidi:ushahidi_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.4.1"}, {"cpe23Uri": "cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ushahidi:ushahidi_platform:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ushahidi:ushahidi_platform:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ushahidi:ushahidi_platform:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ushahidi:ushahidi_platform:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ushahidi:ushahidi_platform:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ushahidi:ushahidi_platform:2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-08-13T04:00Z"}