Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0167

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-0167
Last Modified 07 Mar 2011 10:04:04
Published 18 May 2008 10:20:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-0167

Summary

The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

Vulnerable Systems

Application

  • Gforge 4.5.14


References

DEBIAN - DSA-1577

XF - gforge-unspecified-symlink(42456)

VUPEN - ADV-2008-1537

BID - 29215

CONFIRM - http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz

SECUNIA - 30286

SECUNIA - 30088


Last Updated: 27 May 2016 10:46:42