Lucene search

RedhatCVE-2008-1614

HistoryApr 02, 2008 - 4:44 p.m.

CVE-2008-1614

2008-04-0216:44:00

CWE-264

redhat

web.nvd.nist.gov

suphp

privilege escalation

symlink

cve-2008-1614

nvd

CVSS2

4.3

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.

Affected configurations

Nvd

Node

sebastian_marschingsuphpRange≤0.6.2

VendorProductVersionCPE
sebastian_marschingsuphp*cpe:2.3:a:sebastian_marsching:suphp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sebastian_marsching	suphp	*	cpe:2.3:a:sebastian_marsching:suphp::::::::

References

lists.marsching.biz/pipermail/suphp/2008-March/001750.html

secunia.com/advisories/29615

secunia.com/advisories/29648

secunia.com/advisories/29872

www.debian.org/security/2008/dsa-1550

www.securityfocus.com/bid/28568

www.vupen.com/english/advisories/2008/1073/references

bugzilla.redhat.com/show_bug.cgi?id=439687

exchange.xforce.ibmcloud.com/vulnerabilities/41582

www.redhat.com/archives/fedora-package-announce/2008-April/msg00014.html

www.redhat.com/archives/fedora-package-announce/2008-April/msg00075.html

CVSS2

4.3

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-1614