Lucene search

Ubuntu.comUB:CVE-2011-0754

HistoryFeb 02, 2011 - 12:00 a.m.

CVE-2011-0754

2011-02-0200:00:00

ubuntu.com

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

14.6%

JSON

The SplFileInfo::getType function in the Standard PHP Library (SPL)
extension in PHP before 5.3.4 on Windows does not properly detect symbolic
links, which might make it easier for local users to conduct symlink
attacks by leveraging cross-platform differences in the stat structure,
related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.

References

launchpad.net/bugs/cve/CVE-2011-0754

nvd.nist.gov/vuln/detail/CVE-2011-0754

security-tracker.debian.org/tracker/CVE-2011-0754

www.cve.org/CVERecord?id=CVE-2011-0754

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

14.6%

JSON

Related for UB:CVE-2011-0754