Lucene search

[email protected]CVE-2002-0202

HistoryMay 16, 2002 - 4:00 a.m.

CVE-2002-0202

2002-05-1604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-0202

paintbbs 1.2

insecure permissions

local users

encrypted server password

7.2 High

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder.

CPENameOperatorVersion
paintbbs:paintbbspaintbbseq1.2

CPE	Name	Operator	Version
paintbbs:paintbbs	paintbbs	eq	1.2

References

online.securityfocus.com/archive/1/251985

www.iss.net/security_center/static/7982.php

www.securityfocus.com/bid/3948

7.2 High

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON