Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1614

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1614
Last Modified 07 Mar 2011 10:07:21
Published 02 Apr 2008 12:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-1614

Summary

suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.

Vulnerable Systems

Application

  • Sebastian Marsching Suphp 0.6.2


References

FEDORA - FEDORA-2008-2868

FEDORA - FEDORA-2008-2815

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=439687

XF - suphp-files-privilege-escalation(41582)

VUPEN - ADV-2008-1073

BID - 28568

DEBIAN - DSA-1550

SECUNIA - 29872

SECUNIA - 29648

SECUNIA - 29615

MLIST - [suPHP] 20080330 SECURITY ISSUE: Immediate update advised


Last Updated: 27 May 2016 10:47:36