Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2006-0869
Last Modified 07 Mar 2011 09:30:56
Published 23 Feb 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0869

Summary

Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.

Vulnerable Systems

Application

  • Pear Liveuser 0.10.0

  • Pear Liveuser 0.11.0

  • Pear Liveuser 0.11.1

  • Pear Liveuser 0.12.0

  • Pear Liveuser 0.13.0

  • Pear Liveuser 0.13.1

  • Pear Liveuser 0.13.2

  • Pear Liveuser 0.13.3

  • Pear Liveuser 0.14.0

  • Pear Liveuser 0.15.0

  • Pear Liveuser 0.15.1

  • Pear Liveuser 0.16.0

  • Pear Liveuser 0.16.1

  • Pear Liveuser 0.16.2

  • Pear Liveuser 0.16.3

  • Pear Liveuser 0.16.4

  • Pear Liveuser 0.16.5

  • Pear Liveuser 0.16.6

  • Pear Liveuser 0.16.7

  • Pear Liveuser 0.16.8

  • Pear Liveuser 0.3

  • Pear Liveuser 0.5

  • Pear Liveuser 0.5.1

  • Pear Liveuser 0.6

  • Pear Liveuser 0.6.1

  • Pear Liveuser 0.7

  • Pear Liveuser 0.8

  • Pear Liveuser 0.8.1

  • Pear Liveuser 0.9


References

SECTRACK - 1015659

CONFIRM - http://pear.php.net/package/LiveUser/download/

XF - liveuser-liveuser-file-deletion(24853)

XF - liveuser-liveuser-file-access(24852)

VUPEN - ADV-2006-0697

BID - 16761

BUGTRAQ - 20060221 PEAR LiveUser File Access Vulnerabilities

MISC - http://www.gulftech.org/?node=research&article_id=00103-02212006

SREASON - 466


Last Updated: 27 May 2016 10:41:50